.NET

Supported frameworks and package managers

Code analysis

Snyk Code supports the following frameworks:

  • .NET Framework 4.6-4.8.x

  • ASP.NET 6.x (C# only)

  • .NET 6

Open source and licensing

Snyk Open Source provides support for both NuGet and Paket, as outlined below.

Feature availability: Features may not be available, depending on your plan. See pricing plans for more details.

Package managers / Features | CLI support | Git support | License scanning | Fix PRs

✔︎

✔︎

✔︎

✔︎

✔︎

Snyk does not currently support PackageReference without a version attribute. If your Project lacks this, Snyk may fail to open a PR for your Project. The current workaround is to add versions to all PackageReferences.
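A pre-check for the limitation above, written as an added example (it is not Snyk's code): it lists every PackageReference in a project file that has no Version attribute. The sample project and its package names are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample project file (not from the Snyk documentation).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Contoso.Json" Version="1.2.3" />
    <PackageReference Include="Contoso.Logging" />
    <PackageReference Include="Contoso.Data">
      <Version>4.5.6</Version>
    </PackageReference>
    <PackageReference Include="Contoso.Testing" Version="" />
  </ItemGroup>
</Project>
"""


def local(tag):
    """Strip an XML namespace so old-style (xmlns=...) projects match too."""
    return tag.rsplit("}", 1)[-1]


def unversioned_package_references(project_xml):
    """Return (package, reason) for each PackageReference that has no
    non-empty Version attribute."""
    findings = []
    for elem in ET.fromstring(project_xml).iter():
        if local(elem.tag) != "PackageReference":
            continue
        name = elem.get("Include") or elem.get("Update") or "<unnamed>"
        if (elem.get("Version") or "").strip():
            continue  # version attribute present, nothing to report
        # MSBuild also accepts the version as a child element; it is still
        # reported here because the attribute itself is absent.
        in_child = any(local(c.tag) == "Version" and (c.text or "").strip()
                       for c in elem)
        reason = ("version in child element, not attribute"
                  if in_child else "no version")
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in unversioned_package_references(SAMPLE_CSPROJ):
        print(f"{name}: {reason}")
```

When reading real project files, decode them with `encoding="utf-8-sig"` so a leading byte-order mark does not break XML parsing.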

Open source policy

To manage licenses from your developer workflows through policy, see the following topics:

Open source license compliance

To check compliance for open source licenses, see Getting Started with Snyk License Compliance Management.

Getting started with Snyk for .NET across environments

Snyk CLI

Prerequisites

Code analysis

To start testing your code using Snyk Code, open your repository in a terminal and run the following command:

snyk code test

To customize test options, run other commands, exclude directories and files, and explore the results in different formats, see the following:

Open source and licensing

The following sections list the steps to start scanning your dependencies. The basic commands are covered, such as snyk test and snyk monitor. To check the full list, see CLI commands and options summary.

To scan your dependencies, ensure you install the relevant package manager and that your Project contains the supported manifest files.

NuGet

Dependencies managed by PackageReference

Restore dependencies in the .NET project by running dotnet restore and make sure that obj/project.assets.json has been created by the previous command. Then run snyk test. For more information see Getting started with the CLI.

Examples of supported Project files that resolve into project.assets.json include:

  • *.csproj

  • *.vbproj

  • *.fsproj

The project.assets.json file is required for scanning.

Project files can be combined with lock files for a more deterministic project.assets.json resolution.

Dependencies managed by packages.config

While there are two approaches for dependencies managed by packages.config, the following is the recommended approach because it will yield the most accurate results:

First, install the dependencies into the packages folder by running nuget install -OutputDirectory packages and make sure the packages directory has been created by the previous command. Then run snyk test.

Examples of supported project files that resolve into packages include: packages.config

While you should also be able to run snyk test without previously installing dependencies, this will result in less accurate vulnerability results.

NuGet CLI options

Paket CLI options

  • To use Paket, be sure a paket.lock file is present in combination with a paket.dependencies file.

  • Run snyk test.

CLI options for use with other dependencies

Other support includes project.json (no longer recommended, refer to Microsoft documentation).

To build the dependency tree, Snyk analyzes the paket.dependencies and paket.lock files.
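The prerequisites described above for PackageReference, packages.config and Paket projects can be checked before snyk test runs, for example as a CI gate. This is an added example, not Snyk's code; the function names and the directory layout are constructed, and it assumes nuget install was run from the folder that holds packages.config.

```python
from pathlib import Path

PROJECT_SUFFIXES = {".csproj", ".vbproj", ".fsproj"}


def snyk_readiness(root):
    """Return sorted (relative_path, ready, hint) for each manifest under root."""
    root = Path(root)
    results = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        folder = path.parent
        if path.suffix.lower() in PROJECT_SUFFIXES:
            if (folder / "packages.config").is_file():
                continue  # reported through its packages.config instead
            ready = (folder / "obj" / "project.assets.json").is_file()
            hint = "run dotnet restore"
        elif path.name == "packages.config":
            # Assumption: the packages folder sits beside packages.config.
            ready = (folder / "packages").is_dir()
            hint = "run nuget install -OutputDirectory packages"
        elif path.name == "paket.dependencies":
            ready = (folder / "paket.lock").is_file()
            hint = "add paket.lock next to paket.dependencies"
        else:
            continue
        results.append((path.relative_to(root).as_posix(), ready,
                        "" if ready else hint))
    return sorted(results)


def build_sample_tree(root):
    """Constructed layout: one restored project and three that are not ready."""
    root = Path(root)
    for rel in ("api/api.csproj", "api/obj/project.assets.json",
                "legacy/legacy.csproj", "legacy/packages.config",
                "tools/tools.fsproj", "paket/paket.dependencies"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for rel, ready, hint in snyk_readiness(build_sample_tree(tmp)):
            print(f"{'ready  ' if ready else 'BLOCKED'} {rel} {hint}")
```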

Snyk Web UI (Git repository integration)

Import .NET Projects from any of the Git services Snyk supports.

When your Projects have been imported, Snyk analyzes your Projects based on their supported manifest files and then builds the dependency tree and displays it in the Snyk Web UI.

NuGet

After you select a Project for import, Snyk builds the dependency tree based on these manifest files:

  • For .NET Core, the *.proj files

  • For .NET Framework, the *.proj file, and packages.config

Examples of supported Project files include:

  • *.csproj

  • *.vbproj

  • *.fsproj

A .NET Project can target multiple target frameworks. Snyk creates a separate dependency tree for each target framework, displaying each as a separate Snyk Project from the interface. This makes it easier to understand why a dependency is being used and also to assess the fix strategy.

Paket

No import support currently.

Git settings for .NET

From the Snyk Web UI, you can configure Snyk to scan your entire Project, including the build dependencies, or skip the build dependencies.

You can also update your language preferences.

  1. Log in to your account and navigate to the relevant Group and Organization you want to manage.

  2. Go to Settings and select settings for .NET. To scan all development dependencies, be sure that Scan build dependencies is checked.

Fixing vulnerabilities for .NET

For a general understanding of how Snyk helps you fix Open Source vulnerabilities within your Projects, see Fix your vulnerabilities.

Feature availability: The Fix PR feature is only available across Snyk SCM integrations.

Fix PR supported manifest files

If you are currently managing your Project dependencies with NuGet and leveraging PackageReference or packages.config, Snyk can automatically update the dependency version in your manifest file, provided there is an actual fix for it. You can then review and merge your fixes.

Snyk integrations

🔗 For integrated development environments, see Use Snyk in your IDE.

🔗 If you prefer continuous integration/continuous delivery workflows, you can scan with Snyk based on the integration with your automation software (see Snyk CI/CD and Snyk API).

Help

For best practices and troubleshooting, see Help.


© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.