In terms of the broader project of enabling inclusion of runtime dependency versions to the dependency graph, we here introduce support for running the dotnet CLI from within the plugin. This is a common pattern in other of our ecosystem plugins (e.g. this one for go).
In order to be able to build self-contained published packages, we need to enable the use of dotnet publish.
Further, we already encourage users to run dotnet restore before scanning their dotnet core projects, so we should be able to assume the binary exists on the system.
What does this PR do?
Nothing, actually. No logic (should ™️ ) be changed. But it will make the next PR which hooks up the runtime assembly parsing much cleaner.
Background
Picks up where https://github.com/snyk/snyk-nuget-plugin/pull/147 left off.
In terms of the broader project of enabling inclusion of runtime dependency versions to the dependency graph, we here introduce support for running the
dotnet
CLI from within the plugin. This is a common pattern in other of our ecosystem plugins (e.g. this one for go).In order to be able to build self-contained published packages, we need to enable the use of
dotnet publish
.Further, we already encourage users to run
dotnet restore
before scanning their dotnet core projects, so we should be able to assume the binary exists on the system.What does this PR do?
Nothing, actually. No logic (should ™️ ) be changed. But it will make the next PR which hooks up the runtime assembly parsing much cleaner.
What are the relevant tickets?
https://snyksec.atlassian.net/browse/OSM-515