| title | NuGet Warning NU1905 | |
|---|---|---|
| description | NU1905 Warning codes | |
| author | zivkan | |
| ms.author | zivkan | |
| ms.date | 07/19/2024 | |
| ms.topic | reference | |
| f1_keywords |
|
warning NU1905: Audit source 'Contoso' did not provide any vulnerability data.
A source specified in a NuGet.Config <auditSources> element did not provide a vulnerability database.
Any NuGet source implementing NuGet's V3 server API can provide vulnerability data via the VulnerabilityInfo resource, including by mirroring nuget.org's vulnerability data.
Any source defined in a NuGet.Config <auditSources> element is expected to provide this resource, and this warning is raised when it is not.
You can check if your package source administrators have a setting to enable vulnerability data.
If your audit source is nuget.org and access to api.nuget.org is blocked on your network, consider asking the network administrator to allow https://data.nuget.org/v3/index.json and use it as your audit source instead.
This endpoint only serves vulnerability data, not packages, so it might be allowed even when api.nuget.org is blocked.
If you would like to treat this warning as an error, to cause build failures when vulnerability checks could not be performed, you can add <WarningAsError>$(WarningAsError);NU1905</WarningAsError> to your project file.
If you are using TreatWarningsAsErrors to cause all warnings to be treated as errors, you can add <NoWarn>$(NoWarn);NU1905</NoWarn> to your project file to suppress this warning message, or <WarningsNotAsErrors>NU1905</WarningsNotAsErrors> to prevent this warning from being treated as an error.
For more information, see the documentation on auditing packages.