TomsToolbox.NugetDeFrog 1.0.1

dotnet tool install --global TomsToolbox.NugetDeFrog --version 1.0.1                
This package contains a .NET tool you can call from the shell/command line.

NugetDeFrog


A .NET command-line tool that creates a project referencing only the runtime packages from an application's *.deps.json file.

Intention of this tool

Package scanners such as JFrog Xray can scan the NuGet packages of a project for known vulnerabilities, but they only work on the sources, not on the build output. This leads to many false positives, as the scanner does not know which packages are actually used in the build output.

This tool creates a project file that references only the runtime packages from the *.deps.json file of the build output. This project can then be scanned by the package scanner to get a more accurate result.
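The idea can be sketched in a few lines of Python. This is an added example, not NugetDeFrog's own code: it assumes that "runtime packages" means the entries in the deps.json "libraries" section with type "package" that also appear in the runtime target, and the function names and the sample deps.json are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample of a build-output *.deps.json (not from a real project).
SAMPLE_DEPS_JSON = """
{
  "runtimeTarget": {"name": ".NETCoreApp,Version=v8.0"},
  "targets": {".NETCoreApp,Version=v8.0": {
    "MyProject/1.0.0": {"dependencies": {"Newtonsoft.Json": "13.0.3"}},
    "Newtonsoft.Json/13.0.3": {"runtime": {"lib/net6.0/Newtonsoft.Json.dll": {}}},
    "Serilog/3.1.1": {"runtime": {"lib/net7.0/Serilog.dll": {}}},
    "MyLibrary/1.0.0": {"runtime": {"MyLibrary.dll": {}}}
  }},
  "libraries": {
    "MyProject/1.0.0": {"type": "project", "serviceable": false, "sha512": ""},
    "Newtonsoft.Json/13.0.3": {"type": "package", "serviceable": true, "sha512": ""},
    "Serilog/3.1.1": {"type": "package", "serviceable": true, "sha512": ""},
    "MyLibrary/1.0.0": {"type": "project", "serviceable": false, "sha512": ""}
  }
}
"""

def runtime_packages(deps_json_text):
    """Return sorted (name, version) pairs for NuGet packages in a deps.json."""
    deps = json.loads(deps_json_text)
    target_name = deps.get("runtimeTarget", {}).get("name")
    target = deps.get("targets", {}).get(target_name, {})
    found = set()
    for key, lib in deps.get("libraries", {}).items():
        # Skip project references and anything absent from the runtime target.
        if lib.get("type") != "package" or key not in target:
            continue
        name, _, version = key.rpartition("/")
        found.add((name, version))
    return sorted(found, key=lambda pair: pair[0].lower())

def to_csproj(packages, target_framework="net8.0"):
    """Render a project file with one PackageReference per runtime package."""
    project = ET.Element("Project", Sdk="Microsoft.NET.Sdk")
    props = ET.SubElement(project, "PropertyGroup")
    # Assumption: the scanned application targets net8.0.
    ET.SubElement(props, "TargetFramework").text = target_framework
    items = ET.SubElement(project, "ItemGroup")
    for name, version in packages:
        ET.SubElement(items, "PackageReference", Include=name, Version=version)
    ET.indent(project)  # requires Python 3.9+
    return ET.tostring(project, encoding="unicode")

if __name__ == "__main__":
    print(to_csproj(runtime_packages(SAMPLE_DEPS_JSON)))
```

Project references (MyProject, MyLibrary) are dropped, so the generated project restores, and the scanner sees, only the NuGet packages that shipped with the build output.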

Installation

dotnet tool install TomsToolbox.NugetDeFrog -g

Usage

Usage: NugetDeFrog [--output <String>] [--windows] [--help] [--version] file-or-directory

NugetDeFrog

Arguments:
  0: file-or-directory    Path to a dependency file or a directory with files '*.deps.json'. (Default: .)

Options:
  --output <String>    Path to the output project file. (Default: RuntimePackages\RuntimePackages.csproj)
  --windows            Use windows target platform; required if any of the projects require windows platform
  -h, --help           Show help message
  --version            Show version

Example

dotnet tool install TomsToolbox.NugetDeFrog -g
NugetDeFrog --output RuntimePackages\RuntimePackages.csproj --windows MyProject\bin\Debug\net8.0\MyProject.deps.json
jf.exe dotnet restore RuntimePackages\RuntimePackages.csproj --build-name="MyBuild" --build-number="MyBuild.1.2.3" --project="MyProject"

Compatible and additional computed target framework versions:
.NET: net8.0 is compatible. net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos and net8.0-windows were computed.

This package has no dependencies.

Version Downloads Last updated
1.0.1 223 10/18/2024
1.0.0 109 10/18/2024