dotnet-retire
2.3.1
See the version list below for details.
dotnet tool install --global dotnet-retire --version 2.3.1
dotnet new tool-manifest # if you are setting up this repo dotnet tool install --local dotnet-retire --version 2.3.1
#tool dotnet:?package=dotnet-retire&version=2.3.1
nuke :add-package dotnet-retire --version 2.3.1
Build status
Windows:
Linux:
dotnet-retire
A dotnet CLI extension to check your project for known vulnerabilities.
Install
$ dotnet tool install -g dotnet-retire
Usage
$ dotnet retire
Additional options:
loglevel=Trace|Debug|Information|Warning|Error|Critical(default:Information)rooturl=<url>to feed> (default:https://raw.githubusercontent.com/RetireNet/Packages/master/index.json)
Sample:
$ dotnet retire loglevel=debug
Sample output:
How does it work?
It fetches the packages listed in the corresponding packages repo in this GitHub organization (link), and checks your projects obj\project.assets.json or project.lock.json file for any match (direct, or transient).
Keeping the list of packages up to date will be done via updating that repo when announcements occur from Microsoft with additional json files with links to announcements from Microsofts security team.
Other projects with similar functionality:
SafeNuGet
Runs as part of the build (MSBuild target). Analyzes packages.config, does not handle transient dependencies.
DevAudit
Standalone .NET console app that analyzes a packages.config. Analyzes packages.config, does not handle transient dependencies.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
| .NET Core | netcoreapp2.1 is compatible. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
-
.NETCoreApp 2.1
- No dependencies.
| Version | Downloads | Last updated | |
|---|---|---|---|
| 5.0.0 | 34,573 | 11/26/2020 | |
| 4.0.1 | 60,638 | 1/31/2020 | |
| 3.1.0 | 2,389 | 11/2/2019 | |
| 3.0.0 | 681 | 11/1/2019 | |
| 2.4.1 | 777 | 10/31/2019 | |
| 2.4.0 | 687 | 10/31/2019 | |
| 2.3.3 | 4,153 | 6/13/2019 | |
| 2.3.2 | 3,473 | 9/11/2018 | |
| 2.3.1 | 1,013 | 9/8/2018 | |
| 2.1.1 | 1,008 | 8/22/2018 | |
| 2.1.0 | 1,502 | 8/18/2018 | |
| 2.0.0 | 988 | 8/18/2018 | |
| 1.0.4 | 31,077 | 6/8/2017 | |
| 1.0.3 | 1,261 | 6/8/2017 | |
| 1.0.3-beta007 | 871 | 5/31/2017 | |
| 1.0.2 | 31,934 | 5/19/2017 | |
| 1.0.1 | 4,051 | 5/16/2017 | |
| 1.0.0 | 11,398 | 5/15/2017 | |
| 1.0.0-beta002 | 919 | 5/15/2017 | |
| 1.0.0-beta001 | 909 | 5/15/2017 |
Makes output logging verbosity configurable