Added dependency scanning and removed a duplicated dependency

JossSparkesAnswer · JossSparkesAnswer · commit 0f36e5989e87 · 2022-04-04T15:41:08.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -59,6 +59,36 @@ jobs:
       - name: Secret detection
         uses: zricethezav/gitleaks-action@master
 
+  dependency-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/setup-dotnet@v1
+        with:
+          dotnet-version: "6.0.x"
+
+      - name: Enable NuGet cache
+        uses: actions/cache@v2.1.7
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget
+
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          
+      - name: Install SonarCloud scanner
+        run: dotnet tool install --global NuGetDefense.Tool
+
+      - name: Restore dependencies
+        run: dotnet restore
+        working-directory: ./src
+
+      - name: Dependency Scanning
+        run: nugetdefense -p src/Monai.Deploy.WorkloadManager.sln --settings-file NuGetDefense.json
+
   build:
     runs-on: ubuntu-latest
     steps:
diff --git a/NuGetDefense.json b/NuGetDefense.json
@@ -0,0 +1,35 @@
+{
+    "WarnOnly": false,
+    "VulnerabilityReports": {
+        "OutputTextReport": true
+    },
+    "CheckTransitiveDependencies": true,
+    "CheckReferencedProjects": false,
+    "ErrorSettings": {
+        "ErrorSeverityThreshold": "any",
+        "Cvss3Threshold": -1,
+        "IgnoredPackages": [
+            {
+                "Id": "NugetDefense"
+            }
+        ],
+        "IgnoredCvEs": [],
+        "AllowedPackages": [],
+        "WhiteListedPackages": [],
+        "BlockedPackages": [],
+        "BlacklistedPackages": []
+    },
+    "GitHubAdvisoryDatabase": {
+        "ApiToken": "",
+        "Username": "",
+        "Enabled": false,
+        "BreakIfCannotRun": false
+    },
+    "NVD": {
+        "SelfUpdate": false,
+        "TimeoutInSeconds": 15,
+        "Enabled": true,
+        "BreakIfCannotRun": true
+    },
+    "SensitivePackages": []
+}
diff --git a/src/WorkloadManager/Monai.Deploy.WorkloadManager.csproj b/src/WorkloadManager/Monai.Deploy.WorkloadManager.csproj
@@ -25,7 +25,6 @@
     <PackageReference Include="Ardalis.GuardClauses" Version="4.0.1" />
     <PackageReference Include="Karambolo.Extensions.Logging.File" Version="3.2.1" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.3" />
-    <PackageReference Include="Karambolo.Extensions.Logging.File" Version="3.2.1" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Versioning" Version="5.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Versioning.ApiExplorer" Version="5.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.3" />
