NuGet Application Analysis

NEW IN RELEASE 104

What is supported

NuGet projects are analyzed by scanning the following project files:

  • <anyname>.csproj
  • packages.config

Both are package file options used in NuGet projects. To learn how, please refer to the documentation.

What do we parse from a file?

.csproj

Include and version fields will be evaluated. For example:

  • Include: Contoso.Utility.UsefulStuff
  • Version: 3.6.0

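Only components with an exact version specified are evaluated. In the example below, the reference with Version="3.6.0" is evaluated; the reference with the floating version "3.6.*" is not.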

<Project Sdk="Microsoft.NET.Sdk">
	<ItemGroup Condition = "'$(TargetFramework)' == 'net452'">
		<PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.0" />
		<PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.*" />
	</ItemGroup>
</Project>

packages.config

The id and version fields will be evaluated. For example:

  • id: 7zip
  • version: 4.23.0

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="7zip" version="4.23.0" targetFramework="net46" developmentDependency="true" />
  <package id="bootstrap" version="4.0.0-beta" targetFramework="net46" developmentDependency="true" />
</packages>
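The parsing rules above, as an added example that is not Sonatype's code: it extracts name and version pairs from both manifest types and separates references that meet the exact-version rule from those that do not. The regular expression defining "exact", the DTD rejection and the function name are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: "exact" = a plain version (3.6.0, 4.0.0-beta); floating versions (3.6.*)
# and NuGet range notation such as [1.0,2.0) are treated as not exact.
EXACT = re.compile(r"^\d+(\.\d+){0,3}(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")

# Sample manifests copied from the examples on this page.
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup Condition = "'$(TargetFramework)' == 'net452'">
    <PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.0" />
    <PackageReference Include="Contoso.Utility.UsefulStuff" Version="3.6.*" />
  </ItemGroup>
</Project>"""
PACKAGES_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="7zip" version="4.23.0" targetFramework="net46" developmentDependency="true" />
  <package id="bootstrap" version="4.0.0-beta" targetFramework="net46" developmentDependency="true" />
</packages>"""

def extract_components(xml_text):
    """Return (evaluated, skipped) lists of (name, version) for one manifest."""
    if "<!DOCTYPE" in xml_text:  # a NuGet manifest has no reason to carry a DTD
        raise ValueError("unexpected DTD in manifest")
    root = ET.fromstring(xml_text.strip())
    evaluated, skipped = [], []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the namespace used by old-style .csproj
        if tag == "PackageReference":      # .csproj: Include / Version
            name, version = el.get("Include"), el.get("Version")
        elif tag == "package":             # packages.config: id / version
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if name and version and EXACT.match(version.strip()):
            evaluated.append((name, version.strip()))
        else:
            skipped.append((name, version))  # not evaluated under the exact-version rule
    return evaluated, skipped

if __name__ == "__main__":
    for label, text in (("csproj", CSPROJ), ("packages.config", PACKAGES_CONFIG)):
        evaluated, skipped = extract_components(text)
        print(label, "evaluated:", evaluated, "skipped:", skipped)
```

Run before a scan, the skipped list shows which references would need a pinned version to be covered by the analysis.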

Integrations with NuGet scanning support

For .csproj and packages.config files:

  • CLI from version 104
  • Jenkins from version 3.10.20210222-102732.7875f67 
  • Bamboo - Coming soon

Steps to analyze using the CLI

Run a scan

Invoke a CLI scan of a directory or subdirectories containing .csproj files. Instructions on how to do this can be found here: Nexus IQ CLI.

<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore" Version="1.1.1" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.1.2" />
    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.1" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="1.1.1" />
  </ItemGroup>
</Project>


Output from CLI

Dashboard results

Report results

Steps to analyze using the Jenkins plugin

By default, the Jenkins plugin will not evaluate packages.config or .csproj files. A custom Scan Target is needed.

nexusPolicyEvaluation iqApplication: 'SampApp', iqScanPatterns: [[scanPattern: '**/*.csproj'], [scanPattern: '**/packages.config']], iqStage: 'build'

To find more information on how to configure Jenkins please go to the Nexus Platform Plugin for Jenkins.