Comments (15)
VS Community 2017, .net core 1.1 shows this error permanently. Tried restarting IDE, uninstall, reinstall - nothing works.
from puma-scan.
I've seen this before as well. Seems very similar to #26. This appears to resolve itself by closing and reopening Visual Studio in some cases.
from puma-scan.
FYI - this is occurring on VS 2017 ... version 15.3.2 to be precise.
from puma-scan.
Can you tell me a little bit about the project being scanned? Web / API / Class project? What version of the framework are they targeting?
from puma-scan.
MVC Web project, .NET 4.6.1
from puma-scan.
We have the same issues. Puma scan complains about requiering msbuild V14, but VS 2017 is built on msbuild V15.
Our projects are .net standard, asp.net core
Warning IDE1003 Analyzer assembly 'C:\.nuget\packages\puma.security.rules\1.0.6\analyzers\dotnet\cs\Microsoft.Build.dll' depends on 'Microsoft.Build.Engine, Version=14.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' but it was not found. Analyzers may not run correctly unless the missing assembly is added as an analyzer reference as well. xx.yy(netstandard2.0)
from puma-scan.
Thanks, this will need to be investigated. .NET Standard / Core may not function the same way as the traditional framework references.
from puma-scan.
Thanks Omar, this is expected. .NET Core is not currently supported. The analyzer rules are currently targeting .NET 4.5 in order to complete the web.config transformation.
We are planning on supporting netstandard20 (.NET Core 2.0) eventually but will need to recompile the code and do some regression testing.
from puma-scan.
Config and markup file rules work in core! @ejohn20 , any timeline for .NET Core support?
from puma-scan.
Wow, I didn't expect that to work ;) Opening a separate issue for .NET Core testing and support. I'm open to suggestions if anyone wants to do some testing and let us know the right configuration / packages to reference for full .NET Core support.
from puma-scan.
from puma-scan.
We are getting this error also. Our project is targeting .NET 4.6.
Even though this error is logged we still get some analysis warnings.
I'm using v1.0.6 when I run this.
Is there something we need to do to remove this warning?
from puma-scan.
Updates in v2.0 will handle binding redirects and resolving the assemblies. New documentation will cover how to address these issues as well.
from puma-scan.
Workaround until the next release is to edit projects files to not include the Microsoft.Build.*.dll's as analyzer references.
Remove the following from project file.
<Analyzer Include="..\packages\Puma.Security.Rules.1.0.6\analyzers\dotnet\cs\Microsoft.Build.dll" /> <Analyzer Include="..\packages\Puma.Security.Rules.1.0.6\analyzers\dotnet\cs\Microsoft.Build.Engine.dll" /> <Analyzer Include="..\packages\Puma.Security.Rules.1.0.6\analyzers\dotnet\cs\Microsoft.Build.Framework.dll" /> <Analyzer Include="..\packages\Puma.Security.Rules.1.0.6\analyzers\dotnet\cs\Microsoft.Build.Tasks.Core.dll" /> <Analyzer Include="..\packages\Puma.Security.Rules.1.0.6\analyzers\dotnet\cs\Microsoft.Build.Utilities.Core.dll" />
from puma-scan.
Closing until after the 2.0 release. We'll see how the latest version of Roslyn handles this.
from puma-scan.
Related Issues (20)
- SEC0108 warning with recommended overload HOT 1
- Visual Studio 2019 support HOT 8
- integrate with sonarqube HOT 8
- How to create the nuget pacakage manually for this project HOT 1
- Taint Analysis HOT 4
- error when added as nuget package to some vulnerable application
- Flow sensitive analysis HOT 1
- Using RoslynSDKgenerator jar is not getting created HOT 6
- Package version was not found: 2.0.0 HOT 1
- XmlException when used in a project with PostSharp HOT 7
- Is it possible to update dependency on Microsoft.CodeAnalysis 2.9.0 HOT 4
- SEC0108 warning false reporting
- Invalid Certificate HOT 2
- 2.4.7 release on marketplace.visualstudio but no release nor commits here HOT 1
- jwt AuthorizeAttribute ignored HOT 1
- Only .net supported? HOT 1
- Visual Studio 2022 Support HOT 2
- SEC0120 False positivites when using policy with required authenticated user
- Supression Pragmas or way to turn off warnings ?
- I don't understand how to fix problems (SEC0112, SEC0032)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puma-scan.