For projects based on package references in package files (PackageReference), the following flags setup is recommended:
For projects based on packages.config, the following flags setup is recommended:
NOTE: It is highly recommended to use NuGet version 4.9 or higher in this case, as the Unified Agent will be able to generate the corresponding packages.lock.json file for better resolution.
For both package manager formats, please set the nuget.runPreStep to true if the project is not built prior to the scan.
For more information, see the Configuration File & Parameters page.