Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add package vulnerability information #3024

Merged
merged 1 commit into from
Nov 25, 2024
Merged

Add package vulnerability information #3024

merged 1 commit into from
Nov 25, 2024

Conversation

MichelZ
Copy link
Contributor

@MichelZ MichelZ commented Nov 20, 2024

AI Blurp

This pull request includes changes to the NuGet configuration and build properties to improve package source auditing and manage warnings more effectively. The most important changes are as follows:

NuGet Configuration Updates:

  • NuGet.config: Added an auditSources section to specify sources for auditing, including nuget.org as an audit source.

Build Properties Enhancements:

Description

Adding new functionality for .NET 9 / VS 17.12 / NuGet 6.12 with Audit Sources.
Also adding that the vulnerabilities (currently) are not treated as errors, but this can of course be enabled in the future

The idea is that package vulnerabilities get visibility at least on a warning level everywhere.
I'm sure I don't have to remind anyone of this, but I still do 😁 :
https://blogs.microsoft.com/blog/2024/05/03/prioritizing-security-above-all-else/

If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. -- Satya Nadella

@codecov Codecov
Copy link

codecov bot commented Nov 20, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.73%. Comparing base (1b9df10) to head (0213a45).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3024      +/-   ##
==========================================
+ Coverage   72.64%   72.73%   +0.08%     
==========================================
  Files         285      285              
  Lines       59160    59160              
==========================================
+ Hits        42979    43028      +49     
+ Misses      16181    16132      -49
Flag Coverage Δ
addons 92.58% <ø> (ø)
netcore 75.46% <ø> (+0.07%) ⬆️
netfx 71.13% <ø> (+0.04%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@MichelZ
Copy link
Contributor Author

MichelZ commented Nov 20, 2024

Also related to #2568

@mdaigle mdaigle added the ➕ Code Health Issues/PRs that are targeted to source code quality improvements. label Nov 25, 2024
@mdaigle mdaigle added this to the 6.0-preview3 milestone Nov 25, 2024
@mdaigle mdaigle merged commit 88c5ada into dotnet:main Nov 25, 2024
82 checks passed
@MichelZ MichelZ mentioned this pull request Nov 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cheenamalhotra cheenamalhotra cheenamalhotra approved these changes

@mdaigle mdaigle mdaigle approved these changes

@benrr101 benrr101 Awaiting requested review from benrr101

@apoorvdeshmukh apoorvdeshmukh Awaiting requested review from apoorvdeshmukh

@David-Engel David-Engel Awaiting requested review from David-Engel

Assignees
No one assigned
Labels
➕ Code Health Issues/PRs that are targeted to source code quality improvements.
Projects
None yet
Milestone
6.0-preview3
Development

Successfully merging this pull request may close these issues.
3 participants
@MichelZ @mdaigle @cheenamalhotra