It supports NuGet packages? #869

skarllot · 2025-01-22T15:12:42Z

skarllot
Jan 22, 2025

I'm using dependency-review-action on a repository using NuGet dependencies but appears that it does not detect NuGet packages.

ellenfieldn · 2025-01-31T14:44:41Z

ellenfieldn
Jan 31, 2025

It will only scan packages that are actually added or updated as part of the PR. If the packages were already in place, it does not scan them.

Edit: I used it for nuget packages and it appeared to work FWIW.

2 replies

skarllot Feb 8, 2025
Author

In the following PR it is not scanning updated NuGet package: skarllot/flow-pair#54

ellenfieldn Feb 9, 2025

It looks like you have contents: read at the top level and pull-requests: write at the job level. I don't remember if top-level permissions are respected at the job-level if the job also specifies permissions. It might be worth trying to specify all permissions at the same level.

I used this to get it working, but I am unsure if packages: read was really needed:

permissions:
  contents: read
  packages: read
  pull-requests: write

If that doesn't work, it might be worth adjusting retry-on-snapshot-warnings and retry-on-snapshot-warnings-timeout in case the dependency submission is not completing in time before the action runs.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

It supports NuGet packages? #869

{{title}}

Replies: 1 comment 2 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

Select a reply

It supports NuGet packages? #869

skarllot Jan 22, 2025

Replies: 1 comment · 2 replies

ellenfieldn Jan 31, 2025

skarllot Feb 8, 2025 Author

ellenfieldn Feb 9, 2025

skarllot
Jan 22, 2025

Replies: 1 comment 2 replies

ellenfieldn
Jan 31, 2025

skarllot Feb 8, 2025
Author