Proj0041: NuGet security audits should report on moderate issues at minimum
When enabled, GitHub’s vulnerability database is consulted to check for security issues that come with using any of the referenced packages. Although we could ignore issues with a low, moderate, or even high severity level, this rule advises to at least report on moderate issues and up.
More information: learn.microsoft.com/nuget/concepts/auditing-packages
Non-compliant
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<NuGetAuditLevel>Critical</NuGetAuditLevel>
</PropertyGroup>
</Project>
Compliant
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<NuGetAuditLevel>Moderate</NuGetAuditLevel>
</PropertyGroup>
</Project>