Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nuget csproj support #2668

Closed
Sjord opened this issue Aug 5, 2022 · 2 comments
Closed

Nuget csproj support #2668

Sjord opened this issue Aug 5, 2022 · 2 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning

Comments

@Sjord
Copy link

Sjord commented Aug 5, 2022

C# project files, with the extension .csproj, define dependencies like this:

<PackageReference Include="Foo.Bar" Version="1.2.3.4" />

I would like for Trivy to scan these dependencies for known vulnerabilities.

See also NuGet Support · Issue #681 · aquasecurity/trivy.
@Sjord Sjord added the kind/feature Categorizes issue or PR as related to a new feature. label Aug 5, 2022
Sjord added a commit to Sjord/go-dep-parser that referenced this issue Aug 8, 2022
@Sjord
Parse deps specified as PackageReference in .csproj files
4010a30 
C# project files, with the extension .csproj, are XML files that can specify project dependencies in `<PackageReference>` tags.

See also:
* aquasecurity/trivy#2668
* https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files
@Sjord Sjord mentioned this issue Aug 8, 2022
Open
Sjord added a commit to Sjord/go-dep-parser that referenced this issue Aug 8, 2022
@Sjord
feat(nuget): Parse deps specified as PackageReference in .csproj files
0f8900c 
C# project files, with the extension .csproj, are XML files that can specify project dependencies in `<PackageReference>` tags.

See also:
* aquasecurity/trivy#2668
* https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files
@github-actions
Copy link

github-actions bot commented Oct 5, 2022

This issue is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Oct 5, 2022
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 4, 2023
@itaysk itaysk added scan/vulnerability Issues relating to vulnerability scanning and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. labels Mar 4, 2023
@itaysk itaysk reopened this Mar 4, 2023
@hazcod
Copy link

hazcod commented May 5, 2023

@Sjord Sorry, were you ever to merge this into trivy?

@aquasecurity aquasecurity locked and limited conversation to collaborators May 8, 2023
@knqyf263 knqyf263 converted this issue into discussion #4220 May 8, 2023

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Sjord @itaysk @hazcod