.NET Framework Validator

An Azure DevOps extension for enforcing organization governance on allowed .NET framework versions. This extension helps standardize the .NET versions used across your organization's projects and prevents usage of unapproved, deprecated, or potentially vulnerable framework versions.

Purpose and Benefits

• Governance and Standardization: Enforce organization standards for .NET frameworks
• Technical Debt Prevention: Prevent usage of obsolete or deprecated frameworks
• Security Posture: Ensure projects only use supported frameworks with security updates
• Modernization: Guide teams toward using newer frameworks
• Centralized Management: Configure framework whitelists once for the entire organization or customize at project level

Key Features

• Centralized Management UI: Admin portals for organization-wide and project-specific whitelists
• Flexible Whitelist Hierarchy: Global whitelist with project-level overrides and pipeline-level exceptions
• Zero Configuration Required: Works out of the box with default whitelists
• Build Validation: Automatically validates all projects during build
• Non-Blocking Option: Can be configured to warn rather than fail builds

Getting Started

Basic Usage (Zero Configuration)

Simply add the task to your pipeline - no additional configuration required:

# Add to your azure-pipelines.yml
steps:
- task: DotNetFrameworkValidator@2
  displayName: 'Validate .NET Framework Versions'
  inputs:
    projectPath: '**/*.csproj'  # Default: validate all project files
    failOnInvalidFramework: true  # Fail build on unapproved frameworks

Important: Enable "Allow scripts to access the OAuth token" in your pipeline settings to allow retrieving organization whitelists.

Configuring Whitelists

Organization Level (Global Whitelist)

1. Navigate to Organization Settings → Extensions → .NET Framework Whitelist
2. Add/remove frameworks to create your organization-wide standard
3. Save your changes - they apply automatically to all projects using the global whitelist

Project Level (Project-Specific Whitelist)

1. Navigate to Project Settings → Extensions → .NET Framework Whitelist
2. Create a project-specific whitelist that overrides the global settings
3. Projects can maintain their own whitelists when they have special requirements

Pipeline Level (One-time Override)

Override the whitelist directly in your pipeline when special exceptions are needed:

- task: DotNetFrameworkValidator@2
  inputs:
    projectPath: '**/*.csproj'
    overrideWhitelist: 'net6.0,net5.0,netcoreapp3.1,net48'  # Comma-separated list
    failOnInvalidFramework: true

Whitelist Hierarchy

The extension follows a clear hierarchy when determining the whitelist to use:

1. Pipeline Override: Highest priority - overrideWhitelist parameter in task
2. Project Whitelist: Project-specific settings configured in Project Admin
3. Global Whitelist: Organization-wide settings configured in Organization Admin
4. Default Whitelist: Fallback with common frameworks if no whitelist is configured

Default whitelist includes: net8.0, net7.0, net6.0, net481, net48, net472, net471, net47, net462, net461, netstandard2.1, netstandard2.0, net5.0, netcoreapp3.1

Task Configuration

The task supports the following inputs:

How It Works

The task performs the following steps:

1. Retrieves the appropriate whitelist following the hierarchy described above
2. Scans all project files matching the provided pattern
3. Extracts target frameworks from each project's TargetFramework and TargetFrameworks properties
4. Validates each framework against the whitelist
5. Either fails the build or issues warnings for non-compliant frameworks

Troubleshooting

If the task doesn't find your whitelist:

1. Check if "Allow scripts to access OAuth token" is enabled in pipeline settings
2. Verify that the correct whitelist is configured in the admin UI
3. Try using the overrideWhitelist parameter to explicitly set the allowed frameworks