C# / .NET

Introduction

JFrog Xray provides security and compliance analysis for C# and .NET applications throughout the software development lifecycle. This page describes the supported scan contexts, capabilities, and dependency analysis available for .NET.

Capabilities

Capability	Source Code Scanning	Binary Scanning
Vulnerability Matching (CVEs)	✅	✅
License Detection	✅	✅
Malicious Package Detection	✅	❌
Operational Risk	❌	❌
Smart Remediation	❌	❌

Source code scanning analyzes your project's dependency manifest files to identify components and their vulnerabilities. This is used by JFrog CLI (jf audit), Frogbot, IDE integrations, and CI pipelines.

Supported Files

Package Manager	Supported Files
NuGet	`.sln`, `*.csproj`, `packages.config`

Limitation: Directory.Build.props file is not supported.

Dependency Graph

Package Manager	Dependency Graph
NuGet	⚠️ Project references linked, package dependencies flat

Additional Information

NuGet DLL Detection only works for 3rd party NuGet Packages