DevAudit on Mono <4.8 fails with "SecureChannelFailure (The authentication or decryption has failed.)" using Vulners data source.

[allisterb]

TLS 1.2 support was only added to Mono starting in version 4.8. If you use the Vulners API then you will run into this bug: https://bugzilla.xamarin.com/show_bug.cgi?id=26658

Scanning dpkg packages...
14:55:50<01> [AUDIT] [SUCCESS] Scanned 1002 dpkg packages.
Searching Vulners for vulnerabilities for 1002 packages...
14:55:51<01> [AUDIT] [ERROR] Error in GetVulnerabilities task
Searching Vulners for vulnerabilities for 1002 packages...
14:55:51<01> [AUDIT] [ERROR] Exception occurred.
Exception: Error: SecureChannelFailure (The authentication or decryption has failed.) Inner Exception: The authentication or decryption has failed.

The vulners.com server uses newer TLS ciphers which are not implemented in older versions of Mono.

The only solution is to update your mono-devel package to a more recent version of Mono, ideally Mono 5. Instructions for Debian/Ubuntu/CentOS/Rasbian are here. We will probably make Mono 5 required for DevAudit since it brings a lot of improvements to the Mono stack. Notably for DevAudit the transient build errors with NuGet seem to be gone, msbuild can now be used on Linux instead of the crappier xbuild, and DevAudit seems to run faster with the new runtime.