DotUtils.BuildChecks 0.0.5-beta

This is a prerelease version of DotUtils.BuildChecks.
There is a newer prerelease version of this package available.
See the version list below for details.
dotnet add package DotUtils.BuildChecks --version 0.0.5-beta

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
NuGet\Install-Package DotUtils.BuildChecks -Version 0.0.5-beta

For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageReference Include="DotUtils.BuildChecks" Version="0.0.5-beta">
  <PrivateAssets>all</PrivateAssets>
  <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
Directory.Packages.props
<PackageVersion Include="DotUtils.BuildChecks" Version="0.0.5-beta" />
Project file
<PackageReference Include="DotUtils.BuildChecks">
  <PrivateAssets>all</PrivateAssets>
  <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>

paket add DotUtils.BuildChecks --version 0.0.5-beta

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#r "nuget: DotUtils.BuildChecks, 0.0.5-beta"

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#:package DotUtils.BuildChecks@0.0.5-beta

Install as a Cake Addin
#addin nuget:?package=DotUtils.BuildChecks&version=0.0.5-beta&prerelease

Install as a Cake Tool
#tool nuget:?package=DotUtils.BuildChecks&version=0.0.5-beta&prerelease

DotUtils Custom BuildChecks

UntrustedLocationCheck

It is strongly recommended not to place MSBuild project files in locations where other logic has write access to the parent folders. MSBuild (more specifically, the SDK common targets) walks up the folder hierarchy looking for auto-importable MSBuild logic, so a file placed in any parent folder can become part of the build. This check flags attempts to build from the Downloads folder.
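The script below is an added example, not code from DotUtils.BuildChecks, that audits the folder chain above a project for this risk. It goes beyond the package's Downloads case by also flagging group- or world-writable parent folders. The names audit and build_sample_tree are hypothetical, the sample tree is constructed, and only POSIX mode bits are examined (Windows ACLs are not).

```python
import os, stat, sys, tempfile
from pathlib import Path

# Files located by walking up from the project folder (SDK common targets, NuGet CPM).
AUTO_IMPORTS = ("Directory.Build.props", "Directory.Build.targets", "Directory.Packages.props")

def audit(project_dir):
    """Return [(dir, plantable_names, reasons)] for risky folders at or above project_dir."""
    start = Path(project_dir).resolve()
    findings, shadowed = [], set()
    for d in (start, *start.parents):
        # A file dropped in d is auto-imported only if no closer copy shadows it.
        # Assumption: closer files do not chain to their parents via explicit imports.
        plantable = [n for n in AUTO_IMPORTS if n not in shadowed]
        if not plantable:
            break
        reasons = []
        if d.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):  # POSIX mode bits only
            reasons.append("group/world-writable")
        if d.name.lower() == "downloads":
            reasons.append("Downloads folder")
        if reasons:
            findings.append((d, plantable, reasons))
        # Existing files in d can be replaced by anyone who can write to d,
        # so they only shadow folders further up, not d itself.
        shadowed.update(n for n in AUTO_IMPORTS if (d / n).is_file())
    return findings

def build_sample_tree():
    """Constructed sample layout: <tmp>/Downloads/repo/src/app with two auto-import files."""
    root = Path(tempfile.mkdtemp()).resolve()
    app = root / "Downloads" / "repo" / "src" / "app"
    app.mkdir(parents=True)
    for d in (app, *list(app.parents)[:3]):
        os.chmod(d, 0o755)
    os.chmod(app.parent, 0o777)  # src is writable by everyone
    (root / "Downloads" / "repo" / "Directory.Build.props").write_text("<Project />")
    (root / "Downloads" / "Directory.Build.targets").write_text("<Project />")
    return root, app

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()[1]
    for d, names, reasons in audit(target):
        print(f"{d}: {', '.join(reasons)}; would be picked up: {', '.join(names)}")
```

Pass a project folder as the first argument to audit a real checkout; with no argument it runs against the constructed sample tree.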

EnvironmentVariableSecretsCheck

The UsedEnvironmentVariablesCheck is a custom MSBuild check that detects sensitive data and secrets in environment variables used during the build process. This check helps identify potential security risks by scanning environment variable values for common secrets, explicit secrets, and usernames. The check automatically monitors environment variable access during the build process.

When a secret is detected, it generates a build warning with the following information:

  • Secret type (SubKind)
  • Secret value (truncated based on verbose settings)
  • Location in build files (file, line, column)

Example Output

warning DU0202: CommonSecret with value: 'APIKey123***' at project.props(12,5)
warning DU0202: Username with value: 'admin@comp***' at Directory.Build.props(25,10)

UnexpectedNugetBuildLogic

TBD

There are no supported framework assets in this package.


NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version       Downloads   Last Updated
0.0.6-beta    122         11/5/2024
0.0.5-beta    97          11/4/2024
0.0.4-beta    99          10/22/2024
0.0.3-beta    94          10/22/2024
0.0.2-beta    157         10/18/2024