Add .net 7 support to global security-scan core tool

[solrevdev]

Hi,

I wanted to add .net 7 support to the global tool.

I copied a previous pr that added .net 6 support.

However, am leaving this a draft PR as this does not compile on my mac even before I made my change.

Maybe this will compile on a windows box with Visual Studio 2019/2022 installed on or more probably I would need to make some more changes elsewhere which I am happy to do with some guidance.

The relevant errors below:

Building the main project:

/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Vsix/SecurityCodeScan.Vsix.csproj(92,11): error MSB4226: The imported project "/Library/Frameworks/Mono.framework/Versions/6.12.0/lib/mono/xbuild/Microsoft/VisualStudio/v16.0/VSSDK/Microsoft.VsSDK.targets" was not found. Also, tried to find "VSSDK/Microsoft.VsSDK.targets" in the fallback search path(s) for $(VSToolsPath) - "/Library/Frameworks/Mono.framework/External/xbuild/Microsoft/VisualStudio/v16.0" . These search paths are defined in "/Library/Frameworks/Mono.framework/Versions/6.12.0/lib/mono/msbuild/Current/bin/MSBuild.dll.config". Confirm that the path in the <Import> declaration is correct, and that the file exists on disk in one of the search paths.

Building the `security-scan.csproj` project:

▲ .NET Core [solrevdev/global-tool-support-dotnet-7] pwd
/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core
▲ .NET Core [solrevdev/global-tool-support-dotnet-7] dotnet build .
MSBuild version 17.4.0+18d5aef85 for .NET
  Determining projects to restore...
/usr/local/share/dotnet/sdk/7.0.100/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.EolTargetFrameworks.targets(28,5): warning NETSDK1138: The target framework 'net5.0' is out of support and will not receive security updates in the future. Please refer to https://aka.ms/dotnet-core-support for more information about the support policy. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
  All projects are up-to-date for restore.
/usr/local/share/dotnet/sdk/7.0.100/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.EolTargetFrameworks.targets(28,5): warning NETSDK1138: The target framework 'net5.0' is out of support and will not receive security updates in the future. Please refer to https://aka.ms/dotnet-core-support for more information about the support policy. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net6.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net6.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=netcoreapp3.1]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=netcoreapp3.1]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net7.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net7.0]

Build FAILED.

/usr/local/share/dotnet/sdk/7.0.100/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.EolTargetFrameworks.targets(28,5): warning NETSDK1138: The target framework 'net5.0' is out of support and will not receive security updates in the future. Please refer to https://aka.ms/dotnet-core-support for more information about the support policy. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/usr/local/share/dotnet/sdk/7.0.100/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.EolTargetFrameworks.targets(28,5): warning NETSDK1138: The target framework 'net5.0' is out of support and will not receive security updates in the future. Please refer to https://aka.ms/dotnet-core-support for more information about the support policy. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net6.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net6.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net5.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=netcoreapp3.1]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=netcoreapp3.1]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4801: The task factory "CodeTaskFactory" is not supported on the .NET Core version of MSBuild. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net7.0]
/Users/solrevdev/.nuget/packages/msbuild.assemblyversion/1.3.0/build/MSBuild.AssemblyVersion.targets(17,5): error MSB4175: The task factory "CodeTaskFactory" could not be loaded from the assembly "/usr/local/share/dotnet/sdk/7.0.100/Microsoft.Build.Tasks.Core.dll". The task factory must return a value for the "TaskType" property. [/Users/solrevdev/Dropbox/Projects/github/security-code-scan/SecurityCodeScan.Tool/.NET Core/security-scan.csproj::TargetFramework=net7.0]
    2 Warning(s)
    8 Error(s)

Time Elapsed 00:00:01.80

[solrevdev]

Interesting.

So, I borrowed a windows box with visual studio 2022 installed on and apart from having to download nuget.exe and add it to my windows path the solution built with no errors.

The build (via visual studio 2022) did change C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET Core\Properties\AssemblyInfo.cs setting from 0.0.0.0 to 5.6.7.9 but I can't see that fixing the broken build so did not bother committing that change and just reverted that one file.

C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET Core\Properties\AssemblyInfo.cs

-[assembly: AssemblyVersion("0.0.0.0")]
-[assembly: AssemblyFileVersion("0.0.0.0")]
+[assembly: AssemblyVersion("5.6.7.9")]
+[assembly: AssemblyFileVersion("5.6.7.9")]

So for now I've run out of talent until I can investigate further

[dbalikhin]

Hm, this can be related - https://github.com/actions/setup-dotnet/issues/323 Try to use include-prerelease and/or use @v3 vs current @v1 and see if it changes anything.

[dbalikhin]

• I would probably drop 3.1 (very close to EOL) and 5.0 (EOL) support, but I'm not the owner :)

[solrevdev]

Hm, this can be related - actions/setup-dotnet#323 Try to use include-prerelease and/or use @V3 vs current @v1 and see if it changes anything.

Aha! that makes sense. Have upgraded to @v3 to see if that fixes the build issue. Thanks @dbalikhin fingers crossed!

I would probably drop 3.1 (very close to EOL) and 5.0 (EOL) support, but I'm not the owner :)

Sure, I would be happy to give that ago as a separate issue/pr

[solrevdev]

Could I ask a maintainer or somebody with permissions to kick off my awaiting build please to see if my latest changes to build.yml fixes the build issue?

.github/workflows/build.yml

Thanks John

[solrevdev]

So, just as a final bit of debugging info before I give up again for now...

When I open the SecurityCodeScan.sln solution file in Microsoft Visual Studio Community 2022 (64-bit) and build the solution then I get a successful result each time:

Successfully created package 'C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET Core\bin\Debug\security-scan.5.6.7.9.nupkg'.
========== Build: 5 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========
========== Elapsed 00:43.289 ==========

However running via the command line as per an alternative way of building the project in the readme I do get some warnings which may or may not have something to do with why my changes also do not build on GitHub actions:

nuget restore SecurityCodeScan.sln:

nuget restore SecurityCodeScan.sln

C:\Code\security-code-scan>nuget restore SecurityCodeScan.sln
MSBuild auto-detection: using msbuild version '17.4.0.51802' from 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\MSBuild\Current\bin'.
C:\Code\security-code-scan\SecurityCodeScan.Vsix\SecurityCodeScan.Vsix.csproj(92,11): error MSB4226: The imported project "C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\MSBuild\Microsoft\VisualStudio\v17.0\VSSDK\Microsoft.VsSDK.targets" was not found. Also, tried to find "VSSDK\Microsoft.VsSDK.targets" in the fallback search path(s) for $(VSToolsPath) - "C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v17.0" . These search paths are defined in "C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\MSBuild\Current\bin\msbuild.exe.Config". Confirm that the path in the <Import> declaration is correct, and that the file exists on disk in one of the search paths.

WARNING: Error reading msbuild project information, ensure that your input solution or project file is valid. NETCore and UAP projects will be skipped, only packages.config files will be restored.
All packages listed in packages.config are already installed.

msbuild SecurityCodeScan.sln:

"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe" SecurityCodeScan.sln

MSBuild version 17.4.0+18d5aef85 for .NET Framework
Building the projects in this solution one at a time. To enable parallel build, please add the "-m" switch.
Build started 01/12/2022 12:03:28.
Project "C:\Code\security-code-scan\SecurityCodeScan.sln" on node 1 (default targets).
ValidateSolutionConfiguration:
  Building solution configuration "Debug|Any CPU".
Project "C:\Code\security-code-scan\SecurityCodeScan.sln" (1) is building "C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj" (2) on node 1 (default targets).
AssemblyVersionInit:
  Copying file from "C:\Code\security-code-scan\SecurityCodeScan\Properties\AssemblyInfo.cs" to "C:\Code\security-code-scan\SecurityCodeScan\obj\Debug\netstandard2.0\AssemblyInfo.orig.cs".
AssemblyVersionUpdate:
  Updating assembly version to 5.6.7.9.
  Updating AssemblyInformationalVersion to 1.0.0.0.
CoreResGen:
  No resources are out of date with respect to their source files. Skipping resource generation.
GenerateTargetFrameworkMonikerAttribute:
Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the input files.
CoreCompile:
  C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Roslyn\csc.exe /noconfig /unsafe- /checked- /nowarn:1701,1702,CA1724,IL2121,1701,1702 /fullpaths /nostdlib+ /errorreport:prompt /define:TRACE;CODEANALYSIS_V3_OR_BETTER;CODEANALYSIS_V3_7_OR_BETTER;HAS_IOPERATION;DEBUG;NETSTANDARD;NETSTANDARD2_0;NETSTANDARD1_0_OR_GREATER;NETSTANDARD1_1_OR_GREATER;NETSTANDARD1_2_OR_GREATER;NETSTANDARD1_3_OR_GREATER;NETSTANDARD1_4_OR_GREATER;NETSTANDARD1_5_OR_GREATER;NETSTANDARD1_6_OR_GREATER;NETSTANDARD2_0_OR_GREATER /highentropyva+ /nullable:enable 

<!-- skipped as too long for comment --<

Done Building Project "C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET 4.x\security-scan.csproj" (default targets).
Done Building Project "C:\Code\security-code-scan\SecurityCodeScan.sln" (default targets).

Build succeeded.

"C:\Code\security-code-scan\SecurityCodeScan.sln" (default target) (1) ->
"C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj" (default target) (2) ->
(CoreCompile target) -> 
  C:\Code\security-code-scan\Roslyn\Compiler\PooledObjects\PooledDictionary.cs(46,50): warning CS8714: The type 'TKey' cannot be used as type parameter 'TKey' in the generic type or method 'ImmutableDictionary<TKey, TValue>'. Nullability of type argument 'TKey' doesn't match 'notnull' constraint. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\HashUtilities.cs(60,85): warning CS8714: The type 'TKey' cannot be used as type parameter 'TKey' in the generic type or method 'ImmutableDictionary<TKey, TValue>'. Nullability of type argument 'TKey' doesn't match 'notnull' constraint. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\HashUtilities.cs(67,86): warning CS8714: The type 'TKey' cannot be used as type parameter 'TKey' in the generic type or method 'ImmutableDictionary<TKey, TValue>'. Nullability of type argument 'TKey' doesn't match 'notnull' constraint. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Framework\DataFlow\DataFlowOperationVisitor.cs(2682,48): warning CS8765: Nullability of type of parameter 'operation' doesn't match overridden member (possibly because of nullability attributes). [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\PooledObjects\PooledDictionary.cs(49,33): warning CS8714: The type 'TKey' cannot be used as type parameter 'TKey' in the generic type or method 'ImmutableDictionary<TKey, TValue>'. Nullability of type argument 'TKey' doesn't match 'notnull' constraint. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\PooledObjects\PooledDictionary.cs(52,46): warning CS8714: The type 'TKey' cannot be used as type parameter 'TKey' in the generic type or method 'ImmutableDictionary<TKey, TValue>'. Nullability of type argument 'TKey' doesn't match 'notnull' constraint. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\PooledObjects\PooledDictionary.cs(56,26): warning CS8714: The type 'TKey' cannot be used as type parameter 'TKey' in the generic type or method 'ImmutableDictionary.ToImmutableDictionary<TSource, TKey, TValue>(IEnumerable<TSource>, Func<TSource, TKey>, Func<TSource, TValue>, IEqualityComparer<TKey>?)'. Nullability of type argument 'TKey' doesn't match 'notnull' constraint. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\SmallDictionary.cs(852,20): warning CS8618: Non-nullable field '_stack' must contain a non-null value when exiting constructor. Consider declaring the field as nullable. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\SmallDictionary.cs(852,20): warning CS8618: Non-nullable field '_current' must contain a non-null value when exiting constructor. Consider declaring the field as nullable. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\SmallDictionary.cs(746,24): warning CS8618: Non-nullable field '_stack' must contain a non-null value when exiting constructor. Consider declaring the field as nullable. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\SmallDictionary.cs(746,24): warning CS8618: Non-nullable field '_current' must contain a non-null value when exiting constructor. Consider declaring the field as nullable. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\SmallDictionary.cs(630,24): warning CS8618: Non-nullable field '_stack' must contain a non-null value when exiting constructor. Consider declaring the field as nullable. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\Compiler\SmallDictionary.cs(630,24): warning CS8618: Non-nullable field '_current' must contain a non-null value when exiting constructor. Consider declaring the field as nullable. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PropertySetAnalysis\HazardousUsageEvaluatorCollection.cs(53,21): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PropertySetAnalysis\HazardousUsageEvaluatorCollection.cs(64,25): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PropertySetAnalysis\HazardousUsageEvaluatorCollection.cs(67,25): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PropertySetAnalysis\HazardousUsageEvaluatorCollection.cs(81,21): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PropertySetAnalysis\HazardousUsageEvaluatorCollection.cs(90,21): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PropertySetAnalysis\HazardousUsageEvaluatorCollection.cs(99,21): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Framework\DataFlow\DataFlowOperationVisitor.cs(741,38): warning CS8605: Unboxing a possibly null value. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Framework\DataFlow\DataFlowOperationVisitor.cs(1141,63): warning CS8601: Possible null reference assignment. [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PointsToAnalysis\PointsToAnalysis.PointsToDataFlowOperationVisitor.cs(785,90): warning CS8621: Nullability of reference types in return type of 'PointsToAbstractValue? OperationVisitor<object?, PointsToAbstractValue>.VisitDynamicObjectCreation(IDynamicObjectCreationOperation operation, object? argument)' doesn't match the target delegate 'Func<IDynamicObjectCreationOperation, object?, PointsToAbstractValue>' (possibly because of nullability attributes). [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\Roslyn\FlowAnalysis\FlowAnalysis\Analysis\PointsToAnalysis\PointsToAnalysis.PointsToDataFlowOperationVisitor.cs(829,90): warning CS8621: Nullability of reference types in return type of 'PointsToAbstractValue? OperationVisitor<object?, PointsToAbstractValue>.VisitTypeParameterObjectCreation(ITypeParameterObjectCreationOperation operation, object? argument)' doesn't match the target delegate 'Func<ITypeParameterObjectCreationOperation, object?, PointsToAbstractValue>' (possibly because of nullability attributes). [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\VBSyntaxNodeHelper.cs(115,17): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\VBSyntaxNodeHelper.cs(401,20): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\VBSyntaxNodeHelper.cs(434,20): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\CSharpSyntaxNodeHelper.cs(90,17): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\CSharpSyntaxNodeHelper.cs(347,20): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\CSharpSyntaxNodeHelper.cs(374,20): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]
  C:\Code\security-code-scan\SecurityCodeScan\Analyzers\Utils\CSharpSyntaxNodeHelper.cs(379,20): warning RS1034: Prefer 'IsKind' for checking syntax kinds [C:\Code\security-code-scan\SecurityCodeScan\SecurityCodeScan.csproj]


"C:\Code\security-code-scan\SecurityCodeScan.sln" (default target) (1) ->
"C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj" (default target) (3) ->
(ResolveAssemblyReferences target) -> 
  C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277: Found conflicts between different versions of "SQLitePCLRaw.core" that could not be resolved. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277: There was a conflict between "SQLitePCLRaw.core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1488e028ca7ab535" and "SQLitePCLRaw.core, Version=2.0.4.976, Culture=neutral, PublicKeyToken=1488e028ca7ab535". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:     "SQLitePCLRaw.core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1488e028ca7ab535" was chosen because it was primary and "SQLitePCLRaw.core, Version=2.0.4.976, Culture=neutral, PublicKeyToken=1488e028ca7ab535" was not. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:     References which depend on "SQLitePCLRaw.core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1488e028ca7ab535" [C:\Code\security-code-scan\packages\SQLitePCLRaw.core.1.1.2\lib\net45\SQLitePCLRaw.core.dll]. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\SQLitePCLRaw.core.1.1.2\lib\net45\SQLitePCLRaw.core.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\SQLitePCLRaw.core.1.1.2\lib\net45\SQLitePCLRaw.core.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=1488e028ca7ab535, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:     References which depend on "SQLitePCLRaw.core, Version=2.0.4.976, Culture=neutral, PublicKeyToken=1488e028ca7ab535" []. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\Microsoft.CodeAnalysis.Workspaces.Common.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.Workspaces.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\Microsoft.CodeAnalysis.Workspaces.Common.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.Workspaces.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             C:\Code\security-code-scan\SecurityCodeScan\bin\Debug\netstandard2.0\SecurityCodeScan.VS2019.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.Analyzer.Testing, Version=1.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.CSharp.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.VisualBasic.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_green.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_green.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.batteries_green, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a84b7dcfb1391f7f, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_v2.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_v2.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.batteries_v2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8226ea5df37bcae9, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\SQLitePCLRaw.provider.e_sqlite3.net45.1.1.2\lib\net45\SQLitePCLRaw.provider.e_sqlite3.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\SQLitePCLRaw.provider.e_sqlite3.net45.1.1.2\lib\net45\SQLitePCLRaw.provider.e_sqlite3.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.provider.e_sqlite3, Version=1.0.0.0, Culture=neutral, PublicKeyToken=9c301db686d0bd12, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.batteries_green, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a84b7dcfb1391f7f, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.batteries_v2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8226ea5df37bcae9, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
  C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277: Found conflicts between different versions of "SQLitePCLRaw.batteries_v2" that could not be resolved. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277: There was a conflict between "SQLitePCLRaw.batteries_v2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8226ea5df37bcae9" and "SQLitePCLRaw.batteries_v2, Version=2.0.4.976, Culture=neutral, PublicKeyToken=8226ea5df37bcae9". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:     "SQLitePCLRaw.batteries_v2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8226ea5df37bcae9" was chosen because it was primary and "SQLitePCLRaw.batteries_v2, Version=2.0.4.976, Culture=neutral, PublicKeyToken=8226ea5df37bcae9" was not. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:     References which depend on "SQLitePCLRaw.batteries_v2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8226ea5df37bcae9" [C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_v2.dll]. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_v2.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\SQLitePCLRaw.bundle_green.1.1.2\lib\net45\SQLitePCLRaw.batteries_v2.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             SQLitePCLRaw.batteries_v2, Version=1.0.0.0, Culture=neutral, PublicKeyToken=8226ea5df37bcae9, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:     References which depend on "SQLitePCLRaw.batteries_v2, Version=2.0.4.976, Culture=neutral, PublicKeyToken=8226ea5df37bcae9" []. [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:         C:\Code\security-code-scan\packages\Microsoft.CodeAnalysis.Workspaces.Common.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.Workspaces.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:           Project file item includes which caused reference "C:\Code\security-code-scan\packages\Microsoft.CodeAnalysis.Workspaces.Common.3.11.0\lib\netstandard2.0\Microsoft.CodeAnalysis.Workspaces.dll". [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             C:\Code\security-code-scan\SecurityCodeScan\bin\Debug\netstandard2.0\SecurityCodeScan.VS2019.dll [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.Analyzer.Testing, Version=1.1.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.CSharp.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Microsoft.Common.CurrentVersion.targets(2352,5): warning MSB3277:             Microsoft.CodeAnalysis.VisualBasic.Workspaces, Version=3.11.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL [C:\Code\security-code-scan\SecurityCodeScan.Test\SecurityCodeScan.Test.csproj]


"C:\Code\security-code-scan\SecurityCodeScan.sln" (default target) (1) ->
"C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET Core\security-scan.csproj" (default target) (5) ->
"C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET Core\security-scan.csproj" (Build target) (5:4) ->
(_CheckForEolTargetFrameworks target) -> 
  C:\Program Files\dotnet\sdk\7.0.100\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.EolTargetFrameworks.targets(28,5): warning NETSDK1138: The target framework 'net5.0' is out of support and will not receive security updates in the future. Please refer to https://aka.ms/dotnet-core-support for more information about the support policy. [C:\Code\security-code-scan\SecurityCodeScan.Tool\.NET Core\security-scan.csproj::TargetFramework=net5.0]

    33 Warning(s)
    0 Error(s)

Time Elapsed 00:00:39.89

Maybe the version of msbuild.exe or nuget.exe on GitHub actions needs updating?

Maybe a maintainer would know what I am missing?

Also can I just apologise for this.

I really did think I was going to be helpful by quickly adding .NET 7 support to the global tool!

I was not expecting to have to keep asking folk to re-run (failing) builds and asking for help for something so simple!

[dbalikhin]

@solrevdev I think we have some hardcoded stuff in the workflow: https://github.com/security-code-scan/security-code-scan/blob/vs2019/.github/workflows/pr.yml#L11

Meaning, this PR is still using @v1. You can check Setup .NET SDK step and observe Run actions/setup-dotnet@v1.

I did some experiments:

1. Create a new repo with "Hello World" and some workflow code. Changed path to that new repo, was good - https://github.com/dbalikhin/MultiTargetTest/actions/runs/3605773660/jobs/6076486750 Repo: https://github.com/dbalikhin/MultiTargetTest

2. Recreated dotnet 7 PR with some updates in my forked SCS repo. I had to push to the main branch before it started to work. Original PR that failed, because it tried to pull workflow files from my fork but not the updated main branch (vs2019): https://github.com/dbalikhin/security-code-scan/pull/4/files

New one with changes in vs2019 branch: https://github.com/dbalikhin/security-code-scan/pull/5

For some reason, on push is still failing, but it uses old @v1 again. on-pull request worked!

TLDR: Review all hardcoded branches/repo in workflow files, and probably @JarLob needs to update the upstream @vs2019 first (to install 7.0.x SDK in the workflow file).

[dbalikhin]

Oh, and include-prerelease doesn't exist in @v3. I also updated MS Build action to @1.1.3 in my experiments:

• name: Setup .NET SDK uses: actions/setup-dotnet@v3 with: dotnet-version: | 3.1.x 5.0.x 6.0.x 7.0.x

  • name: Setup MSBuild.exe uses: microsoft/[email protected]

[solrevdev]

I think I understand.

Am I right to say the issue seems to be that changes I am making to .github/workflows/build.yml are not being run via the github actions/workflows and wont be until that file is committed to main/master?

I've mirrored your changes for now. I need to read more and understand how GitHub actions work I think.

Appreciate your time on this by the way @dbalikhin thank you very much 🙏

[dbalikhin]

.github/workflows/build.yml are not being run via the github actions/workflows and wont be until that file is committed to main/master?

Yes, PR build will use the origin, instead of your fork. build.xml looks like a base action, pr.yaml is the action responsible for the build on PR request, ci.yml works on push (which explains why push failed for my fork, I forgot to update ci.yml too. All actions are defined here (origin): https://github.com/security-code-scan/security-code-scan/blob/vs2019/.github/workflows/

Solutions:

1. Force merge and ignore build issue (owner only)
2. Update origin's main.yml to support 7.0 SDK without changing target frameworks in csproj file (PR by contributors or owner).

• Build should be good, merge to origin
• Create another PR to update csproj target frameworks to include .net7.0

3. Jarlob may prefer to update the origin on his own, SDK and/or csproj by taking changes from this PR

[solrevdev]

.github/workflows/build.yml are not being run via the github actions/workflows and wont be until that file is committed to main/master?

Yes, PR build will use the origin, instead of your fork. build.xml looks like a base action, pr.yaml is the action responsible for the build on PR request, ci.yml works on push (which explains why push failed for my fork, I forgot to update ci.yml too. All actions are defined here (origin): https://github.com/security-code-scan/security-code-scan/blob/vs2019/.github/workflows/

Solutions:

1. Force merge and ignore build issue (owner only)
2. Update origin's main.yml to support 7.0 SDK without changing target frameworks in csproj file (PR by contributors or owner).

• Build should be good, merge to origin
• Create another PR to update csproj target frameworks to include .net7.0

3. Jarlob may prefer to update the origin on his own, SDK and/or csproj by taking changes from this PR

Thanks @dbalikhin 🙏 Which option would you like us to proceed with @JarLob? I'm happy to create another PR to change main.yml to support .net 7 and modify this PR to just be the target framework change in the tool as per number 2 above

[mac2000]

Hello, wondering if that PR will solve an issue we observing, somehow on new projects, global cli tool complains with errors like:

Msbuild failed when processing the file '/path/to/Proj.csproj' with message: /usr/local/share/dotnet/sdk/6.0.100/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.TargetFrameworkInference.targets: (144, 5): The current .NET SDK does not support targeting .NET 7.0.  Either target .NET 6.0 or lower, or use a version of the .NET SDK that supports .NET 7.0.

And exits with bad status code

The workaround so far is to downgrade to dotnet 6.0 which is definitely not preferable

Found this PR, so decided to ask because did not found any issue about this

What kind of help do you guys need to make this happen?

[rallsmanEmpowerTech]

Hello, wondering if that PR will solve an issue we observing, somehow on new projects, global cli tool complains with errors like:

Msbuild failed when processing the file '/path/to/Proj.csproj' with message: /usr/local/share/dotnet/sdk/6.0.100/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.TargetFrameworkInference.targets: (144, 5): The current .NET SDK does not support targeting .NET 7.0.  Either target .NET 6.0 or lower, or use a version of the .NET SDK that supports .NET 7.0.

And exits with bad status code

The workaround so far is to downgrade to dotnet 6.0 which is definitely not preferable

Found this PR, so decided to ask because did not found any issue about this

What kind of help do you guys need to make this happen?

I'm also having this issue, and it's fragmenting some of my projects between .NET 6 and .NET 7. Happy to pitch in to help if we can get some direction on what's needed to support .NET 7.

[StormPooper]

.NET 8 has been released since this PR was created, would be good to support both.

[solrevdev]

.NET 8 has been released since this PR was created, would be good to support both.

I've added net8.0 as a target framework and updated the github build file.

Some of the nuget packages could probably be updated but I left that alone.

It's been a long while since I last looked at this but from memory this needs one of the owners/maintainers to do some trickery to get this merged in.

Hope this helps

[andersonvcv]

Shouldn't you set the PR as ready for review?

[RockyMM]

@JarLob could you have a look at this PR?

[dbalikhin]

Folks (@solrevdev @mac2000 @rallsmanEmpowerTech @StormPooper etc.) , I created a stand-alone fork of SecurityCodeScan. Can be easier to support in the future.

If you are interested, please take a look. Tools: https://github.com/dotnetarium/DotnetariumSCS dotnet tool install --global dotnetarium-scs

Nuget Package: https://github.com/dotnetarium/Dotnetarium.Analyzers.SCS Dotnetarium.Analyzers.SCS

The latest versions: 1.0.3. Release notes may provide some details, but mostly it is: make it build on a test machine and make it work. I brought my old PR with a new experimental feature, but it is disable by default. Hopefully, I can complete it soon.

No VSIX at this point.

I would appreciate if someone can help with testing, I did some basic stuff.