NuGet Warning NU1905

warning NU1905: Audit source 'Contoso' did not provide any vulnerability data.

Issue

A source specified in a NuGet.Config <auditSources> element did not provide a vulnerability database.

Solution

Any NuGet source implementing NuGet's V3 server API can provide vulnerability data via the VulnerabilityInfo resource, including by mirroring nuget.org's vulnerability data. Any source defined in a NuGet.Config <auditSources> element is expected to provide this resource, and this warning is raised when it is not. You can check if your package source administrators have a setting to enable vulnerability data.

If you would like to treat this warning as an error, to cause build failures when vulnerability checks could not be performed, you can add <WarningAsError>$(WarningAsError);NU1905</WarningAsError> to your project file. If you are using TreatWarningsAsErrors to cause all warnings to be treated as errors, you can add <NoWarn>$(NoWarn);NU1905</NoWarn> to your project file to suppress this warning message, or <WarningsNotAsErrors>NU1905</WarningsNotAsErrors> to prevent this warning from being treated as an error.

For more information, see the documentation on auditing packages.