jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0
302 stars 73 forks

[dotnet] Support for Central Package Management #635

Open Jetski5822 opened 8 months ago

Jetski5822 commented 8 months ago

Describe the bug

I am raising this as a bug as I think it was missed and it is quite important.

https://github.com/jfrog/frogbot/blob/aecbbb6b4a463f515676163369347a3f4b20aaf7/packagehandlers/nugetpackagehandler.go#L18

Here we are trying to fix PRs. However, all the dependency versions live in Packages.Props or Directory.Packages.Props; see: https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management

Current behavior

It fails trying to issue a fix that's a direct dependency.

Reproduction steps

No response

Expected behavior

No response

JFrog Frogbot version

2.19.9

Package manager info

nuget

Git provider

GitHub

JFrog Frogbot configuration yaml file

No response

Operating system type and version

Linux

JFrog Xray version

3.74.8
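
An added example, not Frogbot's code and not part of the original issue: with Central Package Management the version to bump lives in a `<PackageVersion>` entry of Directory.Packages.props rather than in the project file, so a fix has to edit that entry. `BumpCentralVersion`, the package names and the sample file are hypothetical and constructed for illustration; the regex-based edit assumes no commented-out `<PackageVersion>` entries.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample of a Directory.Packages.props file (not from the issue).
const sampleProps = `<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <PackageVersion Include="Example.Logging" Version="1.2.0" />
    <PackageVersion Include="Example.Json" Version="$(JsonVersion)" />
  </ItemGroup>
</Project>`

var (
	elemRe    = regexp.MustCompile(`<PackageVersion\b[^>]*>`)
	includeRe = regexp.MustCompile(`\bInclude\s*=\s*"([^"]*)"`)
	versionRe = regexp.MustCompile(`\bVersion\s*=\s*"([^"]*)"`)
)

// BumpCentralVersion (hypothetical helper) sets the Version of the
// <PackageVersion> entry for pkg to fixed, leaving all other text untouched.
// It returns false when no literal version for pkg was found.
func BumpCentralVersion(props, pkg, fixed string) (string, bool) {
	ok := false
	out := elemRe.ReplaceAllStringFunc(props, func(el string) string {
		inc := includeRe.FindStringSubmatch(el)
		if inc == nil || !strings.EqualFold(inc[1], pkg) { // NuGet IDs are case-insensitive
			return el
		}
		loc := versionRe.FindStringSubmatchIndex(el)
		if loc == nil || strings.HasPrefix(el[loc[2]:loc[3]], "$(") {
			return el // version comes from an MSBuild property; do not overwrite it
		}
		ok = true
		return el[:loc[2]] + fixed + el[loc[3]:]
	})
	return out, ok
}

func main() {
	out, ok := BumpCentralVersion(sampleProps, "example.logging", "1.2.5")
	fmt.Println(ok)
	fmt.Println(out)
}
```

A `false` result is the signal to fall back to another strategy or report that the fix could not be applied, instead of opening a pull request that changes nothing.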

eranturgeman commented 3 months ago

Hello @Jetski5822 and thank you for reporting this issue! We will look into it and update on our progress.