Don't allow NuGet tasks to call vulnerability APIs #10964

Open
brettfo opened this issue Nov 19, 2024 · 1 comment
Labels
L: dotnet:nuget NuGet packages via nuget or dotnet

brettfo commented Nov 19, 2024

When doing NuGet dependency detection, we essentially call dotnet restore and part of that involves NuGet checking for known vulnerabilities. We don't use this directly. There's likely an environment variable or MSBuild property that we can set to avoid this.

Relevant error numbers are NU1903 and NU3028.

brettfo commented Nov 19, 2024

This might be solved by setting the property $(NuGetAudit) to false when evaluating anything.
