dotnet restore
and make sure obj/project.assets.json has been created by the previous command, run snyk test
. For more information on building projects, check out Getting started with the CLI.nuget install -OutputDirectory packages
and make sure the packages dir has been created by the previous command, run snyk test
.snyk test
without previously installing dependencies this will result in less accurate vulnerability results--file=.sln
.sln
file. For example snyk test --file=myApp.sln
--file=packages.config
--packages-folder
packages.config
. If you’ve assigned a unique name to this folder, then Snyk can only find it if you enter a custom path.snyk test --packages-folder=../location/to/packages
for Unix OS snyk test --packages-folder=..\location\to\packages
for Windows.--assets-project-name
PackageReference
key uses the project name that is indicated in the project.assets.json.snyk test
PackageReference
or packages.config
we will be able to automatically update the dependency version in your manifest file, provided there is an actual fix for it. You should then be able to easily review and merge your fixes.PackageReference
, we scan your obj/project.assets.json
; if you manage your dependencies using packages.config
, we scan the packages
directory. This approach allows us to be very accurate.System.Net.Http
. We sometimes refer to runtime dependencies as meta-packages.TargetLatestRuntimePatch
to true
in the project file. And make sure to upgrade your environments (e.g. dev, prod) to the latest runtime version.RuntimeFrameworkVersion
to the specific patch version in the project file. You may choose to ignore vulnerabilities that you believe are no longer relevant.<ProjectReference>
elements are not currently supported