Search code examples

How to ignore dev dependencies in WhiteSource scan for nuget packages

I want to ignore my SonarAnalyzer.Csharp and Sonarlint package in the C# code WhiteSource scan. They are being captured as Policy Violation.

I checked the documentation, there is no option to ignore checking dev dependencies

Is there any option that we can provide in the WhiteSource config file to skip it. My packages.config file looks like this.

<?xml version="1.0" encoding="utf-8"?>
<package id="SonarAnalyzer.CSharp" version="1.21.0" targetFramework="net461" />
<package id="SonarLint" version="2.0.0" targetFramework="net452" developmentDependency="true" />


  • In the WhiteSource Unified Agent Configuration, there is a section where you can exclude file extensions or specific directories - it is under the Includes/Excludes Glob patterns.