Recently I came across the following post describing tools we can use to audit our code.
As suggested in this issue, we just had to add a script to inject the dependency in our .csproj before the build to perform analysis without impacting local dev.
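    REM @Echo off
    REM Add the SecurityCodeScan analyzer to every .csproj under the script's directory.
    REM Paths are quoted so directories containing spaces still work.
    FOR /R "%~dp0" %%f in (*.csproj) do (
        CALL dotnet add "%%~ff" package SecurityCodeScan --version 3.5.3
    )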
A page helped me with the syntax for the FOR loop.
%~dp0 refers to the directory the script is in.
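The FOR loop does not check the exit code of `dotnet add`, so a project where the injection failed would still build, just without the analyzer. The check below is an added example, not part of the original post: it lists every .csproj that lacks the pinned reference so the CI job can fail before the build. The function names and the sample project tree are assumptions made up for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

PACKAGE, VERSION = "SecurityCodeScan", "3.5.3"  # values taken from the script above


def _local(tag):
    """Strip an XML namespace so old-style (namespaced) .csproj files match too."""
    return tag.rsplit("}", 1)[-1]


def pinned_version(csproj, package=PACKAGE):
    """Return the version of `package` referenced by csproj, or None if absent."""
    for el in ET.parse(csproj).getroot().iter():
        if _local(el.tag) != "PackageReference":
            continue
        if el.get("Include", "").lower() != package.lower():  # NuGet ids ignore case
            continue
        version = el.get("Version")
        if version is None:  # Version may also be written as a child element
            version = next((c.text for c in el if _local(c.tag) == "Version"), None)
        return (version or "").strip()
    return None


def unscanned_projects(root, package=PACKAGE, version=VERSION):
    """List (path, found_version) for each .csproj under root missing the pinned analyzer."""
    bad = []
    for csproj in sorted(Path(root).rglob("*.csproj")):
        found = pinned_version(csproj, package)
        if found != version:
            bad.append((csproj.relative_to(root).as_posix(), found))
    return bad


def make_sample_tree(root):
    """Constructed sample: one injected project, one untouched, one on another version."""
    ref = '<ItemGroup><PackageReference Include="SecurityCodeScan" Version="%s" /></ItemGroup>'
    for name, body in [("Api", ref % "3.5.3"), ("Worker", ""), ("Legacy", ref % "3.0.0")]:
        d = Path(root, name)
        d.mkdir()
        (d / f"{name}.csproj").write_text(f'<Project Sdk="Microsoft.NET.Sdk">{body}</Project>')


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    problems = unscanned_projects(root)
    for path, found in problems:
        print(f"{path}: expected {PACKAGE} {VERSION}, found {found}")
    sys.exit(1 if problems else 0)
```

Run it with the repository root as its argument, after the injection script and before `dotnet build`; a non-zero exit code means at least one project would be built without the analyzer.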
Hope this helps!