VertiGIS.NugetScan
1.0.7
dotnet tool install --global VertiGIS.NugetScan --version 1.0.7
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local VertiGIS.NugetScan --version 1.0.7
#tool dotnet:?package=VertiGIS.NugetScan&version=1.0.7
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
nuke :add-package VertiGIS.NugetScan --version 1.0.7
NugetScan
Nuget Vulnerability Scanner lightweight CLI tool
This CLI tool is used in conjunction with dotnet restore or nuget restore, and allows you to properly identify and ignore vulnerabilities found within your .NET project.
How to run this tool
After installation, this tool can be run as follows:
nugetscan <solution file.sln> <source directory>
This will run nuget restore on the provided solution.
To force the tool to run dotnet restore, simply add the --useDotNet flag.
Ignoring vulnerabilities
Vulnerabilities can be ignored by creating a file called nugetconfig.json at the root of your source directory. The JSON file is structured as follows:
{
  "vulnerabilities": [
    {
      "url": "<GitHub advisory URL as string>",
      "expiry": "<date in YYYY-MM-DD format>",
      "statement": "<optional property that allows for a comment on the vulnerability>"
    },
    ...
  ]
}
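An added example, not part of the NugetScan package or its README: a small Python check that a CI job could run over nugetconfig.json to flag ignore entries that are malformed or have lapsed. It assumes an entry is meant to stop applying after its expiry date and that advisory URLs use the https://github.com/advisories/GHSA-... form; it also reports a missing statement, which the tool itself treats as optional. The sample file and its advisory IDs are constructed.

```python
import json
import re
from datetime import date

# Constructed sample ignore file; the advisory IDs are placeholders, not real advisories.
SAMPLE = """
{
  "vulnerabilities": [
    {"url": "https://github.com/advisories/GHSA-aaaa-bbbb-cccc",
     "expiry": "2030-01-31",
     "statement": "Not reachable: the affected parser is never called."},
    {"url": "https://github.com/advisories/GHSA-dddd-eeee-ffff",
     "expiry": "2020-06-30"},
    {"url": "GHSA-gggg-hhhh-iiii", "expiry": "31/12/2030"}
  ]
}
"""

# Assumption: advisory URLs use the public github.com/advisories/GHSA-... form.
ADVISORY_URL = re.compile(r"^https://github\.com/advisories/GHSA(-[0-9a-z]{4}){3}$")


def audit_ignores(config_text, today):
    """Return (index, problem) pairs for ignore entries a reviewer should look at."""
    findings = []
    entries = json.loads(config_text).get("vulnerabilities", [])
    for i, entry in enumerate(entries):
        url = entry.get("url")
        if not isinstance(url, str) or not ADVISORY_URL.match(url):
            findings.append((i, "url is not a GitHub advisory URL"))
        try:
            expiry = date.fromisoformat(str(entry.get("expiry")))
        except ValueError:
            findings.append((i, "expiry is not a YYYY-MM-DD date"))
        else:
            # Assumption: an ignore entry is meant to lapse after its expiry date.
            if expiry < today:
                findings.append((i, "expired on " + expiry.isoformat()))
        if not str(entry.get("statement", "")).strip():
            findings.append((i, "no statement explaining the ignore"))
    return findings


if __name__ == "__main__":
    for index, problem in audit_ignores(SAMPLE, date.today()):
        print(f"vulnerabilities[{index}]: {problem}")
```

Failing the build when the returned list is non-empty keeps suppressions from outliving their review date unnoticed.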
Product | Versions (compatible and additional computed target framework versions) |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
This package has no dependencies.