Overview
Learn how to assess the security of NuGet packages using OpenSSF Scorecard in this talk from Copenhagen Developers Festival. The talk starts from why evaluating third-party code matters: by its estimate, roughly 80% of a modern application's code is external dependencies, so the security of your product is largely the security of packages you did not write. It introduces the OpenSSF Scorecard project, which works like a nutrition label for software: an automated set of checks, each scored from 0 to 10, run against a package's source repository. The assessment areas covered include maintenance quality (recent activity, known vulnerabilities), build workflow security (dangerous CI patterns, workflow token permissions, pinned dependencies), and integration of security tooling (static analysis, fuzzing). Beyond what Scorecard measures, the talk adds evaluation criteria specific to NuGet packages: whether the package build is reproducible, which .NET APIs the package uses and how, and a security review of the codebase itself. The aim is practical: understand and assess the third-party packages you depend on so you can improve your application's overall security posture.
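The kind of policy gate the overview describes, as an added example that is not code from the talk or from the Scorecard project: it reads the source repository a NuGet package declares in its .nuspec `<repository>` element, then compares a Scorecard JSON result for that repository against a per-check minimum score. The .nuspec content, the Scorecard output and the thresholds are all constructed here for illustration; the Scorecard output follows the shape of `scorecard --repo=<url> --format=json`, which you would run separately since it needs network access, and the check names are Scorecard's published check names. A score of -1 in Scorecard output means the check was inconclusive, and the example deliberately reports that separately rather than treating it as a pass.

```python
"""Gate a NuGet package on an OpenSSF Scorecard policy (added illustration, not project code).

Assumptions: the .nuspec carries a <repository> element with url/commit, and a
Scorecard JSON result for that repository was produced beforehand. Both inputs
below are constructed samples; the thresholds are an illustrative policy only.
"""
import json
import xml.etree.ElementTree as ET

# Constructed sample .nuspec (not a real package). Namespace varies by schema
# version, so the parser matches on local element names only.
SAMPLE_NUSPEC = """<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>Example.Widgets</id>
    <version>1.4.2</version>
    <repository type="git" url="https://github.com/example-org/widgets"
                commit="0123456789abcdef0123456789abcdef01234567" />
  </metadata>
</package>
"""

# Constructed sample in the shape of `scorecard --format=json`. Score -1 = inconclusive.
SAMPLE_SCORECARD_JSON = json.dumps({
    "date": "2024-01-01",
    "repo": {"name": "github.com/example-org/widgets",
             "commit": "0123456789abcdef0123456789abcdef01234567"},
    "score": 6.1,
    "checks": [
        {"name": "Maintained", "score": 10, "reason": "commit and issue activity in the last 90 days"},
        {"name": "Dangerous-Workflow", "score": 10, "reason": "no dangerous workflow patterns detected"},
        {"name": "Token-Permissions", "score": 0, "reason": "workflow tokens with excessive permissions"},
        {"name": "Pinned-Dependencies", "score": 3, "reason": "dependency not pinned by hash detected"},
        {"name": "SAST", "score": 0, "reason": "SAST tool is not run on all commits"},
        {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
        {"name": "Vulnerabilities", "score": 10, "reason": "no vulnerabilities detected"},
    ],
})

# Illustrative minimum score per check, grouped by the talk's assessment areas.
POLICY = {
    "Maintained": 5, "Vulnerabilities": 10,                       # maintenance quality
    "Dangerous-Workflow": 10, "Token-Permissions": 7,             # build workflow security
    "Pinned-Dependencies": 5,
    "SAST": 5,                                                    # security tooling
    "Signed-Releases": 5,                                         # release integrity
}


def repository_from_nuspec(nuspec_xml: str) -> dict:
    """Return {'url', 'type', 'commit'} from the <repository> element, namespace-agnostic."""
    root = ET.fromstring(nuspec_xml)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "repository":
            return {k: el.get(k) for k in ("url", "type", "commit")}
    raise ValueError("nuspec has no <repository> element; source provenance unknown")


def evaluate(scorecard_json: str, policy: dict) -> dict:
    """Compare each policy check against the Scorecard result.

    Returns {'failed': {check: (score, reason)}, 'inconclusive': [...], 'missing': [...]}.
    Inconclusive (-1) and absent checks are listed separately, never counted as passes.
    """
    by_name = {c["name"]: c for c in json.loads(scorecard_json).get("checks", [])}
    failed, inconclusive, missing = {}, [], []
    for check, minimum in policy.items():
        c = by_name.get(check)
        if c is None:
            missing.append(check)
        elif c["score"] < 0:
            inconclusive.append(check)
        elif c["score"] < minimum:
            failed[check] = (c["score"], c.get("reason", ""))
    return {"failed": failed, "inconclusive": inconclusive, "missing": missing}


def commit_matches(nuspec_repo: dict, scorecard_json: str) -> bool:
    """True when Scorecard scored the exact commit the package claims it was built from."""
    claimed = nuspec_repo.get("commit")
    scored = json.loads(scorecard_json).get("repo", {}).get("commit")
    return bool(claimed) and claimed == scored


if __name__ == "__main__":
    repo = repository_from_nuspec(SAMPLE_NUSPEC)
    print(f"scoring {repo['url']} @ {repo['commit']}")
    verdict = evaluate(SAMPLE_SCORECARD_JSON, POLICY)
    for name, (score, reason) in verdict["failed"].items():
        print(f"FAIL {name}: {score} < {POLICY[name]} ({reason})")
    for name in verdict["inconclusive"]:
        print(f"INCONCLUSIVE {name}: Scorecard could not assess")
    print("commit match:", commit_matches(repo, SAMPLE_SCORECARD_JSON))
```

The commit comparison is the part most people skip: a Scorecard run describes a repository at one commit, and a package whose .nuspec names a different commit (or none) has not actually been scored. Checks that come back inconclusive are a prompt to look at the repository by hand, not a free pass.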
Syllabus
Reviewing NuGet Packages security easily using OpenSSF Scorecard
Taught by
NDC Conferences