NuGet Application Analysis

NEW IN RELEASE 104

What is supported

NuGet projects are supported by scanning the following project files:

  • <anyname>.csproj
  • packages.config

Both are package file options used in NuGet projects. To learn how they are used, please refer to the documentation.

What do we parse from a file?

.csproj

The Include and Version attributes of each PackageReference element are evaluated. For example:

  • Include: Contoso.Utility.UsefulStuff
  • Version: 3.6.0

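Only components with an exact version specified are evaluated. In the example below, the reference with Version="3.6.0" is evaluated, while the one with the wildcard version 3.6.* is not.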

<Project Sdk="Microsoft.NET.Sdk">
	<ItemGroup Condition = "'$(TargetFramework)' == 'net452'">
		<PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.0" />
		<PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.*" />
	</ItemGroup>
</Project>

packages.config

The id and version attributes of each package element are evaluated. For example:

  • id: 7zip
  • version: 4.23.0

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="7zip" version="4.23.0" targetFramework="net46" developmentDependency="true" />
  <package id="bootstrap" version="4.0.0-beta" targetFramework="net46" developmentDependency="true" />
</packages>
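
A pre-scan check for the parsing rules above, added here as an example and not part of Nexus IQ or its documentation: it lists which PackageReference and package entries carry an exact version and which do not, so components that would be left out of the evaluation are visible before the scan. It assumes "exact" means a literal version with no wildcard or range syntax; the function names and the Contoso.Utility.Other entry are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: "exact version" means a literal version such as 3.6.0 or
# 4.0.0-beta, with no wildcard (*) and no range syntax such as [1.0,2.0).
EXACT = re.compile(r"^\d+(\.\d+){1,3}(-[0-9A-Za-z.-]+)?$")

def local(tag):
    """Drop an XML namespace prefix; old-style .csproj files declare one."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, kind):
    """Return (evaluated, skipped) lists of (name, version) for one file.
    kind is "csproj" or "packages.config"."""
    tag, name_attr, ver_attr = {
        "csproj": ("PackageReference", "Include", "Version"),
        "packages.config": ("package", "id", "version"),
    }[kind]
    evaluated, skipped = [], []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != tag:
            continue
        name, version = el.get(name_attr), el.get(ver_attr)
        # A missing Version attribute counts as "no exact version specified".
        ok = bool(name) and bool(version) and EXACT.match(version.strip())
        (evaluated if ok else skipped).append((name, version))
    return evaluated, skipped

# Constructed sample inputs, modelled on the snippets on this page.
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup Condition="'$(TargetFramework)' == 'net452'">
    <PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.0" />
    <PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.*" />
    <PackageReference Include="Contoso.Utility.Other" />
  </ItemGroup>
</Project>"""

PACKAGES_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="7zip" version="4.23.0" targetFramework="net46" />
  <package id="bootstrap" version="4.0.0-beta" targetFramework="net46" />
</packages>"""

if __name__ == "__main__":
    for kind, text in (("csproj", CSPROJ), ("packages.config", PACKAGES_CONFIG)):
        evaluated, skipped = audit(text, kind)
        print(kind, "evaluated:", evaluated, "not evaluated:", skipped)
```

Entries in the skipped list are the ones to pin to an exact version if they need to appear in the evaluation.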

Steps to analyze using the Nexus IQ CLI

Run a scan

Invoke a Nexus IQ CLI scan of a directory or subdirectories containing .csproj files. Instructions on how to do this can be found here: Nexus IQ CLI.

<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore" Version="1.1.1" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.1.2" />
    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.1" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="1.1.1" />
  </ItemGroup>
</Project>


Output from Nexus IQ CLI

Nexus Lifecycle Dashboard Results

Nexus Lifecycle Report Results

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate packages.config or .csproj files. A custom Scan Target is needed.

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/*.csproj'], [scanPattern: '**/packages.config']], iqStage: 'build'

For more information on how to configure Jenkins, see the Nexus Platform Plugin for Jenkins.