Proj0041: NuGet security audits should report on moderate issues at minimum

When enabled, GitHub’s vulnerability database is consulted to check for security issues that come with using any of the referenced packages. Although we could ignore issues with a low, moderate, or even high severity level, this rule advises to at least report on moderate issues and up.

More information: learn.microsoft.com/nuget/concepts/auditing-packages

Non-compliant 

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net9.0</TargetFramework>
    <NuGetAuditLevel>Critical</NuGetAuditLevel>
  </PropertyGroup>

</Project>

Compliant 

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net9.0</TargetFramework>
    <NuGetAuditLevel>Moderate</NuGetAuditLevel>
  </PropertyGroup>

</Project>

Edit this page on GitHub.