
Copilot AI commented Oct 28, 2025

NuGet Audit was previously disabled. This re-enables it to detect vulnerable packages during restore.

Changes

  • Added explicit NuGet Audit configuration to Directory.Build.props:
    • NuGetAudit=true - Enable scanning
    • NuGetAuditLevel=low - Report all severity levels
    • NuGetAuditMode=all - Audit direct and transitive dependencies

Current package set has no known vulnerabilities.

Original prompt

This section details on the original issue you should resolve

<issue_title>[release/8.0.4xx] Enable Nuget Audit</issue_title>
<issue_description>Disabled in https://dev.azure.com/dnceng/internal/_git/dotnet-sdk/pullrequest/54678.
We should re-enable it and bump some packages</issue_description>

<agent_instructions>It was disabled in directory.build.props. Reenable it and see what it flags.</agent_instructions>

Comments on the Issue (you are @copilot in this section)



Co-authored-by: marcpopMSFT <12663534+marcpopMSFT@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Re-enable Nuget Audit and bump packages" to "Enable NuGet Audit for security vulnerability scanning" Oct 28, 2025
Copilot finished work on behalf of marcpopMSFT October 28, 2025 18:52
Copilot AI requested a review from marcpopMSFT October 28, 2025 18:52
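
A CI-style guard for the three properties named in the PR description above, so that audit cannot be switched off again unnoticed. This is an added example, not code from this pull request or the dotnet/sdk repository. The function names and the two sample files are constructed for illustration, and the check reads a single props file without evaluating `Condition` attributes or imported files.

```python
import xml.etree.ElementTree as ET

# Values the PR description lists for Directory.Build.props.
EXPECTED = {"nugetaudit": "true", "nugetauditlevel": "low", "nugetauditmode": "all"}

# Constructed sample inputs, not the repository's actual file contents.
DISABLED = """<Project>
  <PropertyGroup>
    <NuGetAudit>false</NuGetAudit>
  </PropertyGroup>
</Project>"""

ENABLED = """<Project>
  <PropertyGroup>
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditLevel>low</NuGetAuditLevel>
    <NuGetAuditMode>all</NuGetAuditMode>
  </PropertyGroup>
</Project>"""

def audit_settings(props_xml):
    """Return the last-assigned value of each NuGetAudit* property (hypothetical helper)."""
    found = {}
    for group in ET.fromstring(props_xml).iter():
        # Strip an XML namespace if the file declares the legacy MSBuild xmlns.
        if group.tag.rsplit("}", 1)[-1] != "PropertyGroup":
            continue
        for prop in group:
            name = prop.tag.rsplit("}", 1)[-1].lower()
            if name in EXPECTED:
                # A later assignment overrides an earlier one in the same file.
                found[name] = (prop.text or "").strip().lower()
    return found

def audit_findings(props_xml):
    """List every deviation from the configuration the PR describes."""
    found = audit_settings(props_xml)
    findings = []
    for name, want in EXPECTED.items():
        got = found.get(name)
        if got is None:
            findings.append(f"{name}: not set explicitly (expected {want})")
        elif got != want:
            findings.append(f"{name}: {got} (expected {want})")
    return findings

if __name__ == "__main__":
    for label, doc in (("disabled", DISABLED), ("enabled", ENABLED)):
        print(label, audit_findings(doc) or "ok")
```
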
@marcpopMSFT

@dkurepa was your issue specifically about turning audit back on in 8, or is main sufficient?
#51466
