Learn More: Dependency Errors in C#
In order to provide complete coverage, Sentinel Source requires access to the dependencies used by your application. To gain access to the dependencies, Sentinel Source uses nuget dependency management to download the dependencies defined in packages.config files.
If a dependency is found to be missing during scanning, an indicator will be displayed on the WhiteHat Portal’s File Coverage page. The packages that Sentinel Source was unable to resolve for that file are listed in the error messages linked with these clickable indicators.
How to Resolve Dependency Resolution Errors
There are several issues that can lead to dependency resolution errors:
Missing Nuget.config
Nuget.config files, like packages.config, contain elements that define values that configure NuGet execution in various ways, but they are not tied to any individual project. These include values such as the local repository location, alternate remote repository servers, and authentication information. As a result, if your application utilizes a Nuget.config file, Sentinel Source would have skipped over it during the repository checkout process.
To include these files with future Sentinel Source scans, you can navigate to the Asset Management page in the WhiteHat Portal interface, and upload the file. All future scans will use this file to acquire dependencies declared within the application.
No route to Nuget.org, or internal repository.
Dependencies and their associated repository URL are declared in the packages.config file. The Sentinel Source appliance must have network access to these destination URLs, whether they be an internal Nuget repository, or the public Nuget.org repository.
Dependencies must be manually included
If your application does not use NuGet as a dependency management system, you must manually add the application’s dependencies. This can be done by placing the related .dll files in the repository itself, and providing Sentinel Source repository access information to access it. This can be done as a separate repository, or be included in the repositories that have already been defined within the WhiteHat Portal interface.