Added support for specifying a project or solution to check

README.md

@@ -4,9 +4,26 @@ This action will check for vulnerable NuGet packages in the entire repository. I
 
 The code is based on [this excellent blog post by Steven Giesel](https://steven-giesel.com/blogPost/a825c041-26dc-4488-8707-17697871d08e). Development of the action is sponsored by [elmah.io](https://elmah.io).
 
+## Inputs
+
+### `project`
+
+The project or solution file to operate on. If a file is not specified, the command will search current directory for one.
+
 ## Example usage
 
+Check all projects and solutions for vulnerable NuGet packages:
+
 ```yml
 - name: Check vulnerable NuGet packages
-  uses: elmahio/github-check-vulnerable-nuget-packages-action@v1            
+  uses: elmahio/github-check-vulnerable-nuget-packages-action@v1
 ```
+
+Check a specific project for vulnerable NuGet packages:
+
+```yml
+- name: Check vulnerable NuGet packages
+  uses: elmahio/github-check-vulnerable-nuget-packages-action@v1
+  with:
+    project: 'src/HelloWorld.csproj'
+```

action.yml

@@ -4,6 +4,12 @@ description: 'GitHub Action to check for vulnerable NuGet packages.'
 branding:
   icon: 'check-circle'
   color: 'green'
+inputs:
+  project:
+    description: 'The project or solution file to operate on. If a file is not specified, the command will search current directory for one.'
+    required: false
 runs:
   using: 'docker'
-  image: 'Dockerfile'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.project }}

entrypoint.sh

@@ -2,7 +2,7 @@
 set -e # This will cause the script to exit on the first error
 # Ensure the dotnet command is available in PATH
 export PATH="$PATH:/usr/share/dotnet"
-OUTPUT=$(dotnet list package --vulnerable)
+OUTPUT=$(dotnet list $1 package --vulnerable)
 echo "$OUTPUT"
 if echo "$OUTPUT" | grep -q 'no vulnerable packages'; then
   echo "No vulnerable packages found"