Dotnet list package --vulnerable uses AuditSources #6237

Merged
merged 15 commits into from
Feb 7, 2025

Nigusu-Allehu
Contributor

@Nigusu-Allehu Nigusu-Allehu commented Jan 24, 2025

Bug

Fixes: NuGet/Home#13767

Description

Design Spec: https://github.com/NuGet/Home/blob/dev/accepted/2024/Dotnet-list-package-vulnerable-uses-auditsources.md

I had the following PR, but I could not reopen it after rebasing: #6206

This PR updates dotnet list package --vulnerable to use user-configured <AuditSources>.

Currently, the command only looks into <PackageSources> to load vulnerability data. However, with the introduction of NuGet Audit, other commands now support <AuditSources> to specify vulnerability data sources. This PR makes sure dotnet list package --vulnerable is also up to date and supports <AuditSources>.

In order to do a manual test, I specified a package that has only one vulnerability data source. That source is only specified as an Audit source. This is what running dotnet list package --vulnerable results in before and after this PR:

Before

image

After

image

PR Checklist

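The following is an added illustration of the behaviour change described in the PR, not code from the PR or from NuGet. It reads a single constructed nuget.config (placeholder URLs, hypothetical source keys) and reports which sources supply vulnerability data before and after the change, plus any audit-only source the old behaviour never queried. It assumes one config file with no hierarchy merging or command-line source overrides, and assumes NuGet Audit's documented fallback to packageSources when no audit source is configured.

```python
import xml.etree.ElementTree as ET

# Constructed nuget.config mirroring the manual test in the PR description:
# one package feed, plus a vulnerability-data source listed only under
# auditSources. Keys and URLs are placeholders, not real feeds.
SAMPLE_CONFIG = """<configuration>
  <packageSources>
    <clear />
    <add key="internal-feed" value="https://feed.example.invalid/v3/index.json" />
  </packageSources>
  <auditSources>
    <clear />
    <add key="audit-only" value="https://audit.example.invalid/v3/index.json" />
  </auditSources>
</configuration>
"""

def read_section(root, name):
    """Return {key: url} for one config section; <clear /> drops earlier entries."""
    sources = {}
    section = root.find(name)
    if section is None:
        return sources
    for child in section:
        if child.tag == "clear":
            sources.clear()
        elif child.tag == "add":
            sources[child.get("key")] = child.get("value")
    return sources

def vulnerability_sources(config_xml):
    """Sources consulted for vulnerability data before and after the change."""
    root = ET.fromstring(config_xml)
    package = read_section(root, "packageSources")
    audit = read_section(root, "auditSources")
    before = package                     # old behaviour: packageSources only
    after = audit if audit else package  # assumption: fall back when no audit source is set
    # Audit-only sources were never queried by the old behaviour.
    ignored = sorted(set(audit.values()) - set(package.values()))
    return {"before": before, "after": after, "ignored_before": ignored}

if __name__ == "__main__":
    for name, value in vulnerability_sources(SAMPLE_CONFIG).items():
        print(name, value)
```

A non-empty `ignored_before` list means vulnerability data from those sources was not reflected in the command's output under the old behaviour.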

@Nigusu-Allehu Nigusu-Allehu self-assigned this Jan 24, 2025
@Nigusu-Allehu Nigusu-Allehu force-pushed the dev-nyenework-dlp-auditsources branch from cb0febb to 8d2c6eb Compare January 24, 2025 21:37
@Nigusu-Allehu Nigusu-Allehu marked this pull request as ready for review January 27, 2025 23:43
@Nigusu-Allehu Nigusu-Allehu requested a review from a team as a code owner January 27, 2025 23:43
@Nigusu-Allehu Nigusu-Allehu force-pushed the dev-nyenework-dlp-auditsources branch from 9e32cfa to 8a89814 Compare January 29, 2025 22:20
jeffkl
jeffkl previously approved these changes Jan 29, 2025

@Nigusu-Allehu Nigusu-Allehu force-pushed the dev-nyenework-dlp-auditsources branch from 8a89814 to c04b00f Compare January 31, 2025 18:02
jeffkl
jeffkl previously approved these changes Feb 5, 2025
@Nigusu-Allehu Nigusu-Allehu requested a review from jeffkl February 7, 2025 21:30
@jeffkl jeffkl self-requested a review February 7, 2025 22:19
@Nigusu-Allehu Nigusu-Allehu merged commit 38f10f6 into dev Feb 7, 2025
23 checks passed
@Nigusu-Allehu Nigusu-Allehu deleted the dev-nyenework-dlp-auditsources branch February 7, 2025 23:55
Successfully merging this pull request may close these issues.

dotnet list package --vulerable should support auditSources
4 participants