VertiGIS.NugetScan 1.0.7

dotnet tool install --global VertiGIS.NugetScan --version 1.0.7                
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local VertiGIS.NugetScan --version 1.0.7                
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=VertiGIS.NugetScan&version=1.0.7                
nuke :add-package VertiGIS.NugetScan --version 1.0.7                

NugetScan

Nuget Vulnerability Scanner lightweight CLI tool

This CLI tool is used in conjuntion with dotnet restore or nuget restore, and allows you to properly identify and ignore vulnerabilities found within your .NET project.

How to run this tool

After installation, this tool can be run as follows:

nugetscan <solution file.sln> <source directory>

This will run nuget restore on the provided solution.

To force the tool to run dotnet restore, simply add the --useDotNet flag.

Ignoring vulnerabilities

Vulnerabilities can be ignored by creating a file called nugetconfig.json at the root of your source directory. The json file is structured as follows:

{
    "vulnerabilities": [
        {    
            "url": Github advisory URL as string,
            "expiry": Date in YYYY-MM-DD format,
            "statement": This is an optional property that allows for a comment on the vulnerability.
        },
        ...
    ]
}

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last updated
1.0.7 1,299 6/4/2024
1.0.6 186 5/24/2024
1.0.5 139 5/10/2024