Explore the critical importance of assessing the security of NuGet packages in software development through this comprehensive conference talk from NDC Oslo 2024. Delve into the challenges of relying on third-party code, which constitutes approximately 80% of most applications, and the potential security risks it poses. Learn about the OpenSSF Scorecard project, an innovative tool designed to simplify the security review process for NuGet packages. Discover how this scorecard system, analogous to nutrition labels on food products, provides valuable insights into a package's security posture. Examine various aspects covered by the OpenSSF Scorecard, including maintenance practices, build workflow safety, and the use of security tools. Investigate additional areas specific to NuGet packages, such as reproducibility, .NET API usage, and codebase security reviews. Gain practical knowledge on how to leverage these tools and insights to make informed decisions about package selection, ultimately enhancing the security of your own applications and supply chain.
Reviewing NuGet Packages Security Using OpenSSF Scorecard
Overview
Syllabus
Reviewing NuGet Packages security easily using OpenSSF Scorecard - Niels Tanis - NDC Oslo 2024
Taught by
NDC Conferences
Related Courses
-
Assessing NuGet Packages with Security Scorecards
-
Intel's Experiences Using OpenSSF Scorecard to Better Secure Software Portfolio
-
Assessing Third-Party Libraries More Easily with Security Scorecards
-
Do You Know the Health of Your OSS Dependencies? Introducing OSSF Scorecard API
-
What is the OpenSSF? - An Introduction to the Open Source Security Foundation
-
Building and Using the OpenSSF Security Toolbelt - 6 Months In
