This action will check for vulnerable NuGet packages in one or more projects/solutions. If vulnerable packages are found, they will be listed and the build will fail.

The code is based on this excellent blog post by Steven Giesel. Development of the action is sponsored by elmah.io.

The project or solution file to operate on. If a file is not specified, the command will search current directory for one.

Check all projects and solutions for vulnerable NuGet packages:

- name: Check vulnerable NuGet packages
  uses: elmahio/github-check-vulnerable-nuget-packages-action@v1

Check a specific project for vulnerable NuGet packages:

- name: Check vulnerable NuGet packages
  uses: elmahio/github-check-vulnerable-nuget-packages-action@v1
  with:
    project: 'src/HelloWorld.csproj'