Support NuGet dependencies in MSBuild project files #1131
Comments
|
Thanks for the PR! I will try and review it soon - but it may be a few weeks as I am doing final preparation for a conference. |
|
Note that this does not support "transitive" dependencies yet, as in dependencies of other dependencies. That might require hitting the NuGet API recursively, or perhaps someone knows of a way to query them locally that I don't. But because of this, you might want to flag this analyzer as experimental until that is resolved. |
|
That is a really good point; if we did implement something that hit the NuGet APIs we would need to have on the roadmap support for internally hosted NuGet repos (such as available via Artifactory, etc). |
|
@paulirwin do you know if the NuGet APIs are documented anywhere? |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
DependencyCheck currently has an analyzer for nuspec files, but with the new MSBuild project format you now specify your NuGet dependencies directly in the .csproj/.vbproj, and it does not copy them into a packages folder such that there are .nuspec files to analyze.
For further reading, here is a blog post with the announcement.
I'd like to help contribute an analyzer for MSBuild project file dependencies.
The text was updated successfully, but these errors were encountered: