Explore the critical topic of assessing NuGet packages for security risks in this 54-minute conference talk from NDC Security in Oslo. Learn about the importance of evaluating third-party code, which often comprises up to 80% of modern applications. Discover how OpenSSF Scorecards can provide a "nutrition label" for software packages, helping developers make informed decisions about their dependencies. Examine various aspects of package security, including maintenance practices, build workflows, and the use of security tools. Delve into additional considerations specific to NuGet packages, such as reproducibility, .NET API usage, and code security reviews. Gain valuable insights to improve your ability to assess the security posture of NuGet packages and enhance your overall application security.
Assessing NuGet Packages with Security Scorecards
Overview
Syllabus
Assessing NuGet Packages more easily with Security Scorecards - Niels Tanis
Taught by
NDC Conferences
Related Courses
-
Reviewing NuGet Packages Security Using OpenSSF Scorecard
-
Reviewing NuGet Packages Security Using OpenSSF Scorecard
-
Assessing Third-Party Libraries More Easily with Security Scorecards
-
Reducing Third-Party Security Risk in .NET Core Applications
-
Implementing OpenSSF Best Practices Badges and Scorecards for Project Security
-
Sandboxing .NET Assemblies for Fun, Profit and of Course Security
