NuGetAuditSuppress
(per package):
You would add this to your .csproj:

| Property | Default | Effect |
|----------|---------|--------|
| NuGetAudit | true | Enable/disable the audit feature |
| NuGetAuditLevel | low | Minimum severity to report (low, moderate, high, critical) |
| NuGetAuditSuppress | false | Suppress all audit warnings |
Upgrading is always the recommended first step. However, suppression becomes necessary when:
You have implemented a workaround (like a firewall rule or input validation) that renders the exploit ineffective.
<NuGetAuditLevel>critical</NuGetAuditLevel> – only blocks on critical CVEs.
For large solutions, define suppressions in a central Directory.Build.props file to maintain organization-wide control.
While the goal is always to keep packages updated, there are valid scenarios for using suppression:
Advisories should not be suppressed forever. Treat these items as technical debt to be re-evaluated during regular maintenance cycles.
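An added example, not from the original page: a small check that lists every NuGetAuditSuppress item in a central Directory.Build.props and flags suppressions whose review date has passed or is missing, so they come back up during maintenance. It assumes suppressions are declared as NuGetAuditSuppress items whose Include is the advisory URL; the ReviewBy metadata, the function names and the sample file are hypothetical.

```python
import datetime
import xml.etree.ElementTree as ET

# Constructed sample. Advisory URLs are placeholders; ReviewBy is a hypothetical
# team convention (custom item metadata), not something NuGet reads.
SAMPLE_PROPS = """\
<Project>
  <PropertyGroup>
    <NuGetAuditLevel>critical</NuGetAuditLevel>
  </PropertyGroup>
  <ItemGroup>
    <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-xxxx-xxxx-0001" ReviewBy="2030-01-15" />
    <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-xxxx-xxxx-0002" ReviewBy="2020-06-30" />
    <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-xxxx-xxxx-0003" />
  </ItemGroup>
</Project>
"""


def local_name(tag):
    """Drop an XML namespace prefix so older-style MSBuild files also match."""
    return tag.rsplit("}", 1)[-1]


def review_suppressions(props_xml, today):
    """Return (advisory_url, status) for each NuGetAuditSuppress item.

    status: "ok", "expired" (ReviewBy has passed) or "no-review-date"
    (ReviewBy missing or not an ISO date).
    """
    findings = []
    for elem in ET.fromstring(props_xml).iter():
        if local_name(elem.tag) != "NuGetAuditSuppress":
            continue
        try:
            due = datetime.date.fromisoformat(elem.get("ReviewBy", ""))
            status = "ok" if today <= due else "expired"
        except ValueError:
            status = "no-review-date"
        findings.append((elem.get("Include", ""), status))
    return findings


if __name__ == "__main__":
    results = review_suppressions(SAMPLE_PROPS, datetime.date.today())
    for url, status in results:
        print(f"{status:15} {url}")
    # Non-zero exit lets a CI step fail on stale or undated suppressions.
    raise SystemExit(any(status != "ok" for _, status in results))
```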
This feature is available for projects starting with NuGet 6.11 (Visual Studio 17.11 and .NET 8.0.400 SDK) and for packages.config starting with Visual Studio 17.12.

How to Implement Suppression
NuGet 6.11+, Visual Studio 17.11+, or .NET 8.0.400 SDK.
If it finds a package with a known security flaw, it warns you. By default, these are warnings, but if you treat warnings as errors (as many CI pipelines do), your build will fail.