You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/supported-languages/supported-languages-list/.net/improved-.net-scanning.md
+8-10Lines changed: 8 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,12 +8,6 @@ Improved Snyk Open Source scanning for NuGet .NET applications is in Early Acces
8
8
You can enable the feature by using [Snyk Preview](../../../snyk-platform-administration/snyk-preview.md).
9
9
{% endhint %}
10
10
11
-
## Limitations of existing solution
12
-
13
-
The existing .NET scanning solution for SCM integration in the Snyk Web UI and CLI uses two [different approaches](guidance-for-snyk-for-.net.md#dependency-analysis). The Dependency Analysis for SCM integrations can produce [false positives](guidance-for-snyk-for-.net.md#build-time-versus-runtime-dependencies) that have no remediation available and must be manually ignored.
14
-
15
-
If you use the CLI to scan Projects, you can expect more accurate results compared to importing the same Project using an SCM integration. You can [encounter errors](troubleshooting-snyk-for-.net.md) when scanning Projects that use specific .NET features.
16
-
17
11
## Scanning improvements
18
12
19
13
Snyk improved the .NET scanning process to ensure that dependency results are consistent across the CLI and SCM integrations. This update also eliminates false positives from runtime dependencies that were previously displayed in the UI. The approach involves using the internal workings of the .NET ecosystem.
@@ -37,17 +31,21 @@ Follow these steps to enable the improvements:
37
31
38
32
Since the improved .NET solution will build your .NET Project, Snyk requires access to any private NuGet repositories.
39
33
40
-
The recommended approach is to use [`nuget.config`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file) files along with registering the credentials in Snyk NuGet private package repository integration (**Settings** > **Integrations** > **NuGet Repositories**).
41
-
42
-
<figure><imgsrc="../../../.gitbook/assets/org_settings_nuget_repo.png"alt="Set up Nuget Repositories from the Settings, Integrations screen"><figcaption><p>Set up Nuget Repositories from the Settings, Integrations screen</p></figcaption></figure>
34
+
Snyk recommends using [`nuget.config`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file) files along with registering the credentials in Snyk NuGet private package repository integration. To do this, navigate to Organization **Settings** > **Integrations** > **Add integration** > **Nuget** > **Edit settings**. 
43
35
44
36
If you are not using `nuget.config`, but another way of informing the .NET ecosystem of where to look for private packages, Snyk will attempt to add all private NuGet repository credentials defined in the private package repository integration as a `dotnet nuget` source before restoring the Project.
45
37
46
38
Fill in the **Your tokens** fields by adding a **Username**, the **Personal access token**, and the repository **URL** (supports only HTTPS sources).
47
39
48
40
For more information, see [Package repository integrations](../../../scan-with-snyk/snyk-open-source/package-repository-integrations/).
49
41
50
-
### Limitations on improved .NET scanning for SCM integrations
42
+
## Limitations
43
+
44
+
The existing .NET scanning solution for SCM integration in the Snyk Web UI and CLI uses two [different approaches](guidance-for-snyk-for-.net.md#dependency-analysis). The Dependency Analysis for SCM integrations can produce [false positives](guidance-for-snyk-for-.net.md#build-time-versus-runtime-dependencies) that have no remediation available and must be manually ignored.
45
+
46
+
If you use the CLI to scan Projects, you can expect more accurate results compared to importing the same Project using an SCM integration. You can encounter errors when scanning Projects that use specific .NET features.
47
+
48
+
For improved .NET scanning for SCM integrations: 
51
49
52
50
*`Directory.Build.props`, `global.json` and other .NET-specific manifest files are supported, but the file names must use upper and lower case, as Microsoft [describes](https://learn.microsoft.com/en-us/visualstudio/msbuild/customize-by-directory?view=vs-2022#directorybuildprops-and-directorybuildtargets).
53
51
* For `global.json`, Snyk does not support all `major.minor.patch` versions that are currently supported by Microsoft, only a subset thereof. For more information, see this [error code](../../../scan-with-snyk/error-catalog.md#snyk-os-dotnet-0008).
0 commit comments