Skip to content

dotnet restore command notes that NuGetAudit only works with nuget.org #39212

New issue
New issue
Open
#50271
Open
dotnet restore command notes that NuGetAudit only works with nuget.org#39212
#50271
Assignees
meaghanlewis
Labels
⌚ Not TriagedNot triageddotnet-cli/subsvcin-prThis issue will be closed (fixed) by an active pull request.
@zivkan

Description

@zivkan
zivkan
opened on Jan 22, 2024

https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-restore#audit-for-security-vulnerabilities

Currently nuget.org is the only package source that we're aware of that provides a vulnerability database for NuGet to run Audit with, however, NuGet will run Audit as long as any source provides the VulnerabilityInfo resource, as documented in the NuGet product's Server API documentation.

Additionally, I think it would be valuable to link to the NuGet product docs page on audit, so customers can get more info, see other options, etc: https://learn.microsoft.com/en-us/nuget/concepts/auditing-packages

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

Metadata

Metadata

Assignees

Labels

⌚ Not TriagedNot triageddotnet-cli/subsvcin-prThis issue will be closed (fixed) by an active pull request.

Type

No type

Projects

dotnet/docs December 2025 sprint

Status

👀 In review

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions