github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/dotnet.md (about) 1 # .NET 2 3 ## Installation 4 5 .NET support in FOSSA CLI only depends on the presence of .NET related manifest files in the directory. 6 7 ## Configuration 8 9 Automatic: Run `fossa init` to walk the file tree and find any directories that contain a Package Reference file, NuSpec file, `packages.config`, `project.json`, or `paket.lock`. 10 11 Manual: Add a module with `type` set to `nuget`, `target` to the path of the manifest file, and `dir` set to the location of the manifest file. 12 13 ```yaml 14 analyze: 15 modules: 16 - name: NugetModule 17 type: nuget 18 target: MyProject/Manifest.csproj 19 dir: MyProject 20 options: 21 strategy: package-reference 22 ``` 23 24 ## Options 25 26 | Option | Type | Name | Common Use Case | 27 | ---------- | :----: | ---------------------------- | ---------------------------------- | 28 | `strategy` | string | [Strategy](#strategy-string) | Specify a .NET analysis strategy. | 29 30 #### `strategy: <string>` 31 32 Manually specify the .NET analysis strategy to be used. Supported options: 33 - `paket`: Parse `paket.lock` file. 34 - `package-reference`: Parse a Package Reference file. 35 - `nuspec`: Parse a NuSpec file. 36 - `packages-config`: Parse `packages.config` file. 37 - `project-json`: Parse `project.json` file. 38 39 ## Analysis 40 41 Default .NET analysis follows a series of fallbacks which attempts to determine a dependency graph by starting with the most accurate method and falling to the least accurate: 42 43 1. Paket: Look for `paket.lock` and read for dependencies. 44 2. Resolving method: Attempt to resolve any existing NuGet lockfile created by your build (at `{module.path}/obj/project.assets.json`). It will parse this file for installed dependencies and compare them to the Package Reference file in order to determine an accurate dependency graph. 45 3. Package Reference: Look for a file that matches the Package Reference file format and read for dependencies. 46 4. NuSpec: Look for a NuSpec file and read for dependencies. 47 5. Packages Config: Look for `packages.config` and read for dependencies. 48 6. Project JSON: Look for `project.json` and read for dependencies. 49 50 ## Known limitations 51 52 - Doesn't support conditional direct dependencies (e.g. conditioned on target framework) -- will get all references regardless of target framework. 53 - Only supports top-level itemgroup/packagereferences (not e.g. those under choose element). 54 - Currently, `fossa` supports NuGet lockfiles of `v2` and `v3` schemas.