Snyk's source control integrations support testing and monitoring of .NET Core and .NET Framework projects which use Nuget as their package manager.
In order to import a .NET project to Snyk, we require that one of the following files will be part of the imported repository:
packages.config (.NET Framework)
.proj file (.NET Core)
project.json (.NET Core)
Snyk will analyze each manifest in the context of a target framework in order to understand all the dependencies brought in by the projects. Snyk uses Nuget API (3+) to grab all transitive dependencies.
Once the project is imported, we create a dependency tree for each target framework and compares the specific versions of every direct and deep dependency in your project against our NuGet vulnerability database. In case we find a vulnerability, we will notify you so you will be able to decide which action to take.