Merge pull request #9538 from drewnoakes/nuget-audit-properties

Add Project Properties UI for NuGet Audit settings
dotnet · Sep 23, 2024 · 9e618da · 9e618da
2 parents 8d5a9b8 + aba95ec
commit 9e618da
Show file tree

Hide file tree

Showing 14 changed files with 954 additions and 0 deletions.
diff --git a/...udio.ProjectSystem.Managed/ProjectSystem/Rules/PropertyPages/ApplicationPropertyPage.xaml b/...udio.ProjectSystem.Managed/ProjectSystem/Rules/PropertyPages/ApplicationPropertyPage.xaml
@@ -15,6 +15,10 @@
     <Category Name="Resources"
               DisplayName="Resources"
               Description="Resource settings for the application." />
+
+    <Category Name="Dependencies"
+              DisplayName="Dependencies"
+              Description="Dependency management settings for the application." />
   </Rule.Categories>
 
   <Rule.DataSource>
@@ -288,4 +292,44 @@
                DisplayName="Resource file" />
   </EnumProperty>
 
+  <BoolProperty Name="NuGetAudit"
+                DisplayName="Audit NuGet dependencies"
+                Description="Audit package dependencies for security vulnerabilities."
+                HelpUrl="https://go.microsoft.com/fwlink/?linkid=2288404"
+                Category="Dependencies" />
+
+  <EnumProperty Name="NuGetAuditMode"
+                DisplayName="Audit Mode"
+                Description="Specifies which packages to include in the audit."
+                Category="Dependencies">
+    <EnumProperty.Metadata>
+      <NameValuePair Name="VisibilityCondition">
+        <NameValuePair.Value>(has-evaluated-value "Application" "NuGetAudit" true)</NameValuePair.Value>
+      </NameValuePair>
+    </EnumProperty.Metadata>
+    <EnumValue Name="direct"
+               DisplayName="Direct dependencies" />
+    <EnumValue Name="all"
+               DisplayName="All dependencies (direct and transitive)" />
+  </EnumProperty>
+
+  <EnumProperty Name="NuGetAuditLevel"
+                DisplayName="Audit Severity Level"
+                Description="The minimum vulnerability severity level to report when a package has a known vulnerability. Known vulnerabilities with a lower severity level will not be reported."
+                Category="Dependencies">
+    <EnumProperty.Metadata>
+      <NameValuePair Name="VisibilityCondition">
+        <NameValuePair.Value>(has-evaluated-value "Application" "NuGetAudit" true)</NameValuePair.Value>
+      </NameValuePair>
+    </EnumProperty.Metadata>
+    <EnumValue Name="low"
+               DisplayName="Low and above (all levels)" />
+    <EnumValue Name="moderate"
+               DisplayName="Moderate and above" />
+    <EnumValue Name="high"
+               DisplayName="High and above" />
+    <EnumValue Name="critical"
+               DisplayName="Critical only" />
+  </EnumProperty>
+
 </Rule>
diff --git a/...tSystem.Managed/ProjectSystem/Rules/PropertyPages/xlf/ApplicationPropertyPage.xaml.cs.xlf b/...tSystem.Managed/ProjectSystem/Rules/PropertyPages/xlf/ApplicationPropertyPage.xaml.cs.xlf
diff --git a/...tSystem.Managed/ProjectSystem/Rules/PropertyPages/xlf/ApplicationPropertyPage.xaml.de.xlf b/...tSystem.Managed/ProjectSystem/Rules/PropertyPages/xlf/ApplicationPropertyPage.xaml.de.xlf
diff --git a/...tSystem.Managed/ProjectSystem/Rules/PropertyPages/xlf/ApplicationPropertyPage.xaml.es.xlf b/...tSystem.Managed/ProjectSystem/Rules/PropertyPages/xlf/ApplicationPropertyPage.xaml.es.xlf