April 14th 2021:
The .NET Core and .NET framework library data has been extended to include details of framework and core libraries that cannot be found on NuGet.
Previously these libraries did not have any data displayed in TeamServer which meant the grade was shown as
? and there was no CVE or versioning data available. So these libraries did not impact the library score and thus the overall application's score.
With the addition of these libraries to our database the libraries will now have a grade assigned, report versioning information and have any relevant CVE's associated. So this may improve or degrade the Application score based on the individual library scores.
The latest version information will be the latest version within that framework and not the latest framework available.
These libraries will be clearly identified as a framework library:
Why and how has this been implemented?
- Microsoft stopped publishing these framework libraries to NuGet from version 3.
- We automate the download of framework versions from Microsoft downloads (we download for all available operating systems and architectures).
Latest Versionwill be set to the latest version on that major release and will not recommend a v5 library for a user on v3.X.
- An agent restart is required to get the updated details.
Details to follow in relation to the On-Premise version that will include these library details and associated release notes.