Overview
Vibgrate scans .NET projects by discovering .sln and .csproj files. It evaluates runtime version lag, NuGet package drift, and target framework freshness.
What Gets Scanned
- Target framework version (e.g.
net6.0,net7.0,net8.0) - .NET SDK version from
global.json - All NuGet packages from
.csprojPackageReferenceelements - Framework freshness relative to the current LTS and STS releases
- EOL risk for end-of-life .NET versions
Quick Start
Vibgrate requires Node.js >= 20. Install it alongside your .NET toolchain.
npm install -g @vibgrate/cli
vibgrate scan /path/to/dotnet-solutionSolution vs Project Scanning
Vibgrate discovers both .sln files and individual .csproj files. When a solution file is found, all referenced projects are included in the scan.
For multi-project solutions, each project receives its own drift score, and an aggregate score is computed for the solution.
.NET-Specific Findings
Common findings for .NET projects include:
- Target framework EOL — e.g.
net6.0reached end-of-life in November 2024 - NuGet package lag — packages that are multiple major versions behind
- SDK version mismatch —
global.jsonpinning an older SDK - Framework migration opportunities — e.g. upgrading from .NET 6 to .NET 8 LTS
CI Integration: Azure DevOps
steps:
- script: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
displayName: Vibgrate Scan
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: vibgrate.sarif
ArtifactName: VibgrateSARIF
CI Integration: GitHub Actions
steps:
- name: Vibgrate Scan
run: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: vibgrate.sarif
Next Steps
- Explore the extended scanners — architecture layers, service dependencies, and security posture all support .NET
- Set up a drift baseline for your main branch
- Push results to the dashboard for portfolio-level visibility