Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NuGetAudit should not warn when no vulnerability data is available #12875

Closed
zivkan opened this issue Sep 8, 2023 · 0 comments · Fixed by NuGet/NuGet.Client#5398
Closed

NuGetAudit should not warn when no vulnerability data is available #12875

zivkan opened this issue Sep 8, 2023 · 0 comments · Fixed by NuGet/NuGet.Client#5398
Assignees
@zivkan
Labels
Functionality:Restore Style:PackageReference Type:DCR Design Change Request
Milestone
6.8

Comments

@zivkan
Copy link
Member

zivkan commented Sep 8, 2023

NuGet Product(s) Affected

MSBuild.exe, dotnet.exe

Current Behavior

With the initial previews of NuGetAudit, when none of the package sources have vulnerability data, and the project explicitly enables NuGetAudit (as opposed to enabled by default), then NuGet raises the NU1905 warning.

Desired Behavior

Don't warn. It's confusing that audit runs, and warns about packages whether the feature is explicitly enabled, or left for default, but the "no vulnerability" warning is

Additional Context

Earlier draft of the PR NuGet/NuGet.Client#5398 proposed a separate property to enable/disable the warning, but there was no support, and multiple oppositions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zivkan zivkan

Labels
Functionality:Restore Style:PackageReference Type:DCR Design Change Request
Projects
None yet
Milestone
6.8
Development

Successfully merging a pull request may close this issue.

Stop warning NU1905 when NuGetAudit doesn't have vulnerability data to check NuGet/NuGet.Client
2 participants
@nkolev92 @zivkan