It would be nice to recursively walk the dependency tree, looking for vulnerabilities in any indirect dependencies as well.
In .NET Core, this can be accomplished by walking the project.assets.json file for each target project. This is the approach taken by CycloneDX when generating a BOM.
It would be nice to recursively walk the dependency tree, looking for vulnerabilities in any indirect dependencies as well.
In .NET Core, this can be accomplished by walking the
project.assets.jsonfile for each target project. This is the approach taken by CycloneDX when generating a BOM.