Add metadata to packagedownloads to enable future audit improvements #45555

Open
marcpopMSFT opened this issue Dec 18, 2024 · 0 comments
Labels
Area-Workloads untriaged Request triage from a team member

@marcpopMSFT
Member

Today's NuGet Audit does not include PackageDownloads. PackageDownload is used for many .NET-provided packages like the runtime packs or ILLink pack or even the Roslyn Framework compiler. All of these could have security releases that we'd want to warn customers about, but the resolution for those customers would be to update their SDK, not update those packages. Many customers use PackageDownload directly for other classes of packages for which they would want to get a notification if there were a security update for their package.

As such, we need to add some metadata to the included PackageDownloads so we can separate them from the 3rd party ones and customize the audit experience in the future.

@marcpopMSFT marcpopMSFT added this to the 10.0.1xx milestone Dec 18, 2024
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-Workloads untriaged Request triage from a team member labels Dec 18, 2024