FOSSA supports .NET projects that use Nuget.
We look for and analyze the following files for license and dependency information
.csproj/.xproj
packages.config
project.json
.nuspec
FOSSA will find any package available on www.nuget.org/packages
We currently use the NuGet API v3 to fetch metadata and package information.
If a license file is given as a URL (in a .nuspec
file via the licenseUrl
property) FOSSA will attempt to go out and retrieve the license file and add to the project root. These will be labeled as LICENSE_<license-name>.txt
when viewing license matches inside FOSSA.
If an exact version is not given (i.e. a version range), FOSSA will resolve a dependency to the highest patch version (using the major.minor.patch.build
convention) .
Documentation on versioning: Version range spec.
project.lock.json
filesfiles
, references
, or frameworkAssemblies
in the .nuspec
file.nuspec
files.project.json
/packages.config
fileNuGet.config
file.