@nx/dotnet
The Nx Plugin for .NET containing graph support for working with .NET projects in an Nx workspace.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): MSBuild/Locator DLLs and MsbuildAnalyzer are expected .NET tooling binaries for this Nx dotnet plugin; stable across versions. | ai |
Versions (showing 44 of 44)
| Version | Deps | Published |
|---|---|---|
| 22.7.5 | 3 / 7 | |
| 22.7.4 | 3 / 7 | |
| 22.7.3 | 3 / 7 | |
| 22.7.2 | 3 / 7 | |
| 22.7.1 | 3 / 7 | |
| 22.7.0 | 3 / 7 | |
| 22.6.5 | 3 / 7 | |
| 22.6.4 | 3 / 7 | |
| 22.6.3 | 3 / 7 | |
| 22.6.2 | 3 / 7 | |
| 22.6.1 | 3 / 7 | |
| 22.6.0 | 3 / 7 | |
| 22.5.4 | 3 / 7 | |
| 22.5.3 | 3 / 7 | |
| 22.5.2 | 3 / 7 | |
| 22.5.1 | 3 / 7 | |
| 22.5.0 | 3 / 7 | |
| 22.4.5 | 3 / 7 | |
| 22.4.4 | 3 / 7 | |
| 22.4.3 | 3 / 7 | |
| 22.4.2 | 3 / 7 | |
| 22.4.1 | 3 / 7 | |
| 22.4.0 | 3 / 7 | |
| 22.3.3 | 3 / 7 | |
| 22.3.2 | 3 / 7 | |
| 22.3.1 | 3 / 7 | |
| 22.3.0 | 3 / 7 | |
| 22.2.7 | 3 / 7 | |
| 22.2.6 | 3 / 7 | |
| 22.2.5 | 3 / 7 | |
| 22.2.4 | 3 / 7 | |
| 22.2.3 | 3 / 7 | |
| 22.2.2 | 3 / 7 | |
| 22.2.1 | 3 / 7 | |
| 22.2.0 | 3 / 7 | |
| 22.1.3 | 3 / 7 | |
| 22.1.2 | 3 / 7 | |
| 22.1.1 | 3 / 7 | |
| 22.1.0 | 3 / 7 | |
| 22.0.4 | 3 / 7 | |
| 22.0.3 | 3 / 7 | |
| 22.0.2 | 3 / 7 | |
| 22.0.1 | 3 / 7 | |
| 22.0.0 | 3 / 7 |
v22.7.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.5
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.4
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.4
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.5
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.4
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.7
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.6
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.5
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.4
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.4
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.3
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.2
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/lib/MsbuildAnalyzer • dist/lib/Microsoft.Build.Locator.dll • dist/lib/MsbuildAnalyzer.dll
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.