Skip to main content

CLI Interface

If you want to use NuGetDefense directly, maintain a single global installation, or set up NuGetDefense in your CI environment.

Installation

Typical CLI usage of NuGetDefense will use the .Net Global Tool installable via: dotnet tool install --global NuGetDefense.Tool

Alternatively, you can directly download the NuGetDefense release directly from gitHub and run it using: dotnet NuGetDefense.dll <options>

Help

nugedefense -? If you ever need a quick reference this will list all the supported options and aliases

Target Project or Solution

--project-file <path-to-file>

This is a relative or absolute path to the project or solution you want to scan. Solution files will cause all projects in the solution to be scanned.

Aliases

  • -p
  • --project
  • --solution

Target Framework Moniker

--target-framework-moniker <tfm>

This is the tfm value passed to the dotnet sdk when resolving dependency version for sdk style project. This allows NuGetDefense to detect the exact versions of dependencies that will be used at build.

Aliases

  • --framework
  • --tfm

Settings File

--settings-file <path-to-file>

Absolute or relative path to the settings file (NuGetDefense.json by default). Any settings passed in via other options will override the values read from this file.

Aliases

  • --nugetdefense-settings
  • --nugetdefense-json

Vulnerability Data Bin

--vulnerability-data-bin <path-to-file>

Issue #70 This option currently does nothing. Feel free to submit a PR or comment to increase the priority of this issue.

Absolute or relative path to the NVD binary store (vulnerabilityData.bin by default). This is updated automatically from the National Vulnerability Database

Aliases

  • --nvd-data
  • --nvd-data-bin
  • --nvd-bin
  • --vulnerability-bin
  • --vulnerability-data

Warn Only

--warn-only

This is generally used to prevent breaking builds in an MSBuild ExecTask when vulnerabilities are found but is also useful for some CI environments.

Emits MSBuild Warn messages instead of Error messages.

Aliases

  • --do-not-break
  • --warn

Check Transitive Dependencies

--check-project-references

Enables scanning projects referenced by the target project

Aliases

  • --check-referenced-projects
  • --check-referenced
  • --check-references
  • --references
  • --referenced-projects

Ignore CVE's

--ignore-cves <CVEs-to-ignore>

List of vulnerabilities to ignore when reporting vulnerabilities.

Aliases

  • --ignore-vulns

Ignore Packages

--ignore-packages <packageids-to-ignore>

List of vulnerabilities to ignore when reporting vulnerabilities.

Cache Location

--cache-location <path/to/file>

Absolute or relative path to the file used for caching remote vulnerability scan results.

Update

nugetdefense Update Updates the Offline NVD Vulnerability source (by default using the global location)

This is intended to be used in CI environments to update the vulnerability data periodically and reduce the number of calls made to NVD's API

Recreate-NVD

nugetdefense Recreate-NVD Recreates the Offline NVD Vulnerability source (by default in the global location)