Skip to content

Commit c3734a5

Browse files
dotnet list package --vulnerable uses AuditSources (#44722)
1 parent 72dacd6 commit c3734a5

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

docs/core/tools/dotnet-list-package.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -118,7 +118,10 @@ The project or solution file to operate on. If not specified, the command search
118118

119119
- **`--vulnerable`**
120120

121-
Lists packages that have known vulnerabilities. Cannot be combined with `--deprecated` or `--outdated` options. Nuget.org is the source of information about vulnerabilities. For more information, see [Vulnerabilities](/nuget/api/registration-base-url-resource) and [How to Scan NuGet Packages for Security Vulnerabilities](https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/).
121+
Lists packages that have known vulnerabilities. Cannot be combined with `--deprecated` or `--outdated` options.
122+
Use the `<AuditSources>` property in your configuration file to specify your source of vulnerability data, which is acquired from the [VulnerabilityInfo](/nuget/api/vulnerability-info) resource.
123+
If `<AuditSources>` is not specified, the specified `<PackageSources>` are used to load vulnerability data.
124+
For more information, see [Audit sources](/nuget/concepts/auditing-packages#audit-sources) and [How to scan NuGet packages for security vulnerabilities](https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/).
122125

123126
- **`--format <console|json>`**
124127

0 commit comments

Comments
 (0)