dotnet list package --vulnerable should return non-zero exit code when vulnerabilities found
#38994
Labels
Comments
dotnet-issue-labeler
bot
added
Area-NuGet
untriaged
|
Thanks for creating this issue! We believe this issue is related to NuGet tooling, which is maintained by the NuGet team. Thus, we closed this one and encourage you to raise this issue in the NuGet repository instead. Don’t forget to check out NuGet’s contributing guide before submitting an issue! If you believe this issue was closed out of error, please comment to let us know. Happy Coding! |
|
I was looking for issues asking for this and found this in the NuGet repo: NuGet/Home#11315 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently, we can run
dotnet list package --vulnerableto find vulnerable packages in the project or solution.While using it in the CI/CD pipeline is nice, it falls short if there are vulnerable packages as it does still return a 0 exit code.
Describe the solution you'd like
If there are vulnerable found in a given project, the command should exit with a non-zero exit code to indicate errors to the caller.
Additional context
Debatable if
--deprecatedshould return a non-zero exit code if deprecated packages were found.The text was updated successfully, but these errors were encountered: