/// <summary> /// Validates project dependencies according to their vulnerabilities and licenses. /// </summary> /// <param name="packages">List of packages of the project.</param> /// <param name="policy">Project policy.</param> /// <returns></returns> private static async Task <List <Dependency> > ValidateProjectDependencies(List <NuGetPackage> packages, ProjectPolicy policy) { List <Dependency> dependencies = new List <Dependency>(); VulnerabilityEvaluationResult[] vulnerabilityEvaluationResult = null; try { vulnerabilityEvaluationResult = await VulnerabilityEvaluation.EvaluatePackage(packages, policy.ApiCacheTime); } catch (Exception e) { CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch dependencies vulnerabilities: {e.Message}"); vulnerabilitiesFetchError = true; } List <License>[] dependenciesLicenses = new List <License> [packages.Count]; int i = 0; foreach (NuGetPackage package in packages) { String packageDir = $"{package.Id}.{package.Version}"; PackageInfo packageInfo = PackageManager.GetPackageInfo(Path.Combine(projectPath, packagesPath, packageDir)); dependencies.Add(new Dependency(packageInfo.Id, packageInfo.Version, packageInfo.Description)); try { dependenciesLicenses[i] = await LicenseManager.TryGetLicenseName(packageInfo, policy.ApiCacheTime); } catch (Exception e) { CommandLineUtils.PrintWarningMessage($"An error occurred while trying to fetch {package.Id}.{package.Version} license: {e.Message}"); dependenciesLicenses[i] = new List <License>(); licensesFetchErrors.Add($"{package.Id}.{package.Version}"); } ++i; } i = 0; foreach (List <License> licenses in dependenciesLicenses) { dependencies[i].Licenses = licenses.Select(license => { license.Valid = !policy.InvalidLicenses.Contains(license.Title); return(license); }) .ToList(); if (!vulnerabilitiesFetchError) { dependencies[i].VulnerabilitiesCount = vulnerabilityEvaluationResult[i].VulnerabilitiesNumber; dependencies[i].Vulnerabilities = vulnerabilityEvaluationResult[i].VulnerabilitiesFound; } ++i; } return(dependencies); }