
Dotnet list package --vulnerable uses AuditSources #6237


Merged
merged 15 commits into from
Feb 7, 2025


@Nigusu-Allehu Nigusu-Allehu commented Jan 24, 2025

Bug

Fixes: NuGet/Home#13767

Description

Design Spec: https://github.com/NuGet/Home/blob/dev/accepted/2024/Dotnet-list-package-vulnerable-uses-auditsources.md

I had the following PR, but I could not reopen it after rebasing: #6206

This PR updates `dotnet list package --vulnerable` to use user-configured `<AuditSources>`.

Currently, the command only looks into `<PackageSources>` to load vulnerability data. However, with the introduction of NuGet Audit, other commands now support `<AuditSources>` to specify vulnerability data sources. This PR makes sure `dotnet list package --vulnerable` is also up to date and supports `<AuditSources>`.

In order to do a manual test, I specified a package that has only one vulnerability data source. That source is only specified as an Audit source. This is what running `dotnet list package --vulnerable` results in before and after this PR:

Before

image

After

image

PR Checklist

@Nigusu-Allehu Nigusu-Allehu self-assigned this Jan 24, 2025
@Nigusu-Allehu Nigusu-Allehu force-pushed the dev-nyenework-dlp-auditsources branch from cb0febb to 8d2c6eb Compare January 24, 2025 21:37
@Nigusu-Allehu Nigusu-Allehu marked this pull request as ready for review January 27, 2025 23:43
@Nigusu-Allehu Nigusu-Allehu requested a review from a team as a code owner January 27, 2025 23:43
@Nigusu-Allehu Nigusu-Allehu force-pushed the dev-nyenework-dlp-auditsources branch from 9e32cfa to 8a89814 Compare January 29, 2025 22:20
jeffkl previously approved these changes Jan 29, 2025
@Nigusu-Allehu Nigusu-Allehu force-pushed the dev-nyenework-dlp-auditsources branch from 8a89814 to c04b00f Compare January 31, 2025 18:02
jeffkl previously approved these changes Feb 5, 2025
@Nigusu-Allehu Nigusu-Allehu requested a review from jeffkl February 7, 2025 21:30
@jeffkl jeffkl self-requested a review February 7, 2025 22:19
@Nigusu-Allehu Nigusu-Allehu merged commit 38f10f6 into dev Feb 7, 2025
23 checks passed
@Nigusu-Allehu Nigusu-Allehu deleted the dev-nyenework-dlp-auditsources branch February 7, 2025 23:55
@Nigusu-Allehu Nigusu-Allehu added the Breaking-change Label for .NET SDK breaking changes. label Apr 15, 2025

dotnet-policy-service bot commented Apr 15, 2025

Added needs-breaking-change-doc-created label because this PR has the breaking-change label.

When you commit this breaking change:

  1. Create and link to this issue a matching issue in the dotnet/docs repo using the breaking change documentation template, then remove this needs-breaking-change-doc-created label.
  2. Ask a committer to mail the .NET SDK Breaking Change Notification email list.

You can refer to the .NET SDK breaking change guidelines

@Nigusu-Allehu

Breaking change doc: dotnet/docs#46042
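
The source selection described in the PR description, modelled as an added example that is not code from this PR or from NuGet: a constructed nuget.config lists one feed only under `<auditSources>`, and the function returns the sources consulted for vulnerability data with and without audit-source support. The fallback to package sources when no audit sources are configured follows NuGet's audit documentation; the single-file parsing, the function names and the `example.test` URLs are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed nuget.config mirroring the PR's manual test: the feed that holds
# the vulnerability data is listed only under <auditSources>.
NUGET_CONFIG = """<configuration>
  <packageSources>
    <clear />
    <add key="internal-mirror" value="https://packages.example.test/v3/index.json" />
  </packageSources>
  <auditSources>
    <clear />
    <add key="vuln-feed" value="https://audit.example.test/v3/index.json" />
  </auditSources>
</configuration>"""

# Constructed config without any audit sources, to show the fallback.
NO_AUDIT_CONFIG = """<configuration>
  <packageSources>
    <add key="internal-mirror" value="https://packages.example.test/v3/index.json" />
  </packageSources>
</configuration>"""


def read_sources(root, section):
    """Return [(key, url)] for one section; <clear /> drops earlier entries."""
    sources = []
    node = root.find(section)
    for child in (node if node is not None else []):
        if child.tag == "clear":
            sources = []
        elif child.tag == "add":
            sources.append((child.get("key"), child.get("value")))
    return sources


def vulnerability_sources(config_xml, honor_audit_sources):
    """Sources queried for vulnerability data (simplified single-file model)."""
    root = ET.fromstring(config_xml)
    audit = read_sources(root, "auditSources") if honor_audit_sources else []
    # Assumption from NuGet's audit documentation: with no audit sources
    # configured, the package sources are used instead.
    return audit or read_sources(root, "packageSources")


if __name__ == "__main__":
    print("before PR:", vulnerability_sources(NUGET_CONFIG, False))
    print("after PR: ", vulnerability_sources(NUGET_CONFIG, True))
    print("no audit: ", vulnerability_sources(NO_AUDIT_CONFIG, True))
```

With audit sources ignored, the constructed vulnerability feed is never queried, which is the gap the "Before" run in the description shows.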

Successfully merging this pull request may close these issues.

dotnet list package --vulerable should support auditSources
4 participants