Learn how to effectively assess the security of NuGet packages using OpenSSF Scorecard in this conference talk from Copenhagen Developers Festival. Discover why security evaluation of third-party code is crucial, given that approximately 80% of modern applications consist of external dependencies. Explore the OpenSSF Scorecard project, which functions similar to nutrition labels on food products, providing essential security metrics for software packages. Master the various assessment areas covered by the scorecard, including maintenance quality, build workflow security, and integration of security tools. Gain insights into additional evaluation criteria specific to NuGet packages, such as reproducibility, .NET API usage patterns, and codebase security analysis. Develop practical skills to enhance your application's security posture through better understanding and assessment of third-party package dependencies.
Reviewing NuGet Packages Security Using OpenSSF Scorecard
Overview
Syllabus
Reviewing NuGet Packages security easily using OpenSSF Scorecard -
Taught by
NDC Conferences
Related Courses
-
Reviewing NuGet Packages Security Using OpenSSF Scorecard
-
Assessing NuGet Packages with Security Scorecards
-
Intel's Experiences Using OpenSSF Scorecard to Better Secure Software Portfolio
-
Fortify Your Code: Secure Your Supply Chain with Scorecard
-
Do You Know the Health of Your OSS Dependencies? Introducing OSSF Scorecard API
-
Scorecard at Scale: Old and New Possibilities for Lifting Security on All Repositories
