Scan a .NET Solution for Upgrade Drift
Scan a .NET solution with Vibgrate CLI to get a DriftScore across projects, export SARIF for Azure DevOps, and gate builds on drift severity.
A .NET solution often spans several projects, each with its own package references. Vibgrate CLI scans the whole solution from one command, detects the .NET ecosystem, and reports a single DriftScore plus per-finding detail so you know which projects carry the most upgrade risk.
Prerequisites
- A .NET solution (
.sln) with project files and restored packages - Vibgrate CLI installed, or use the no-install form
Steps
1. Install the CLI
npm i -g @vibgrate/cli
Or try it without installing:
npx @vibgrate/cli scan
2. Scan the solution
Run the scan from the solution root:
vg
Vibgrate detects .NET from your project and package files and reports drift findings grouped by severity.
3. Interpret the DriftScore
The DriftScore (0-100) summarizes accumulated upgrade risk across the solution. Review the highest-severity findings first — these usually point at packages with known breaking-change exposure or long-overdue updates.
4. Export SARIF for Azure DevOps
SARIF integrates cleanly with code-scanning and Azure DevOps:
vg scan --format sarif
Write it to a file your pipeline can publish:
vg scan --format sarif --out vibgrate.sarif
5. Add a build gate
Fail the build when error-level drift appears:
vg scan --fail-on error
Verification
Confirm the run reported a DriftScore and that vibgrate.sarif was created. With --fail-on error, inspect the exit code (echo $? or your pipeline's status) to verify the gate stops the build on high-severity drift.
Next Steps
Commit a baseline with vg baseline so future scans compare deltas, and wire the scan into Azure Pipelines for every pull request.