Overview
Explore the critical importance of assessing the security of NuGet packages in software development through this comprehensive conference talk from NDC Oslo 2024. Delve into the challenges of relying on third-party code, which constitutes approximately 80% of most applications, and the potential security risks it poses. Learn about the OpenSSF Scorecard project, an innovative tool designed to simplify the security review process for NuGet packages. Discover how this scorecard system, analogous to nutrition labels on food products, provides valuable insights into a package's security posture. Examine various aspects covered by the OpenSSF Scorecard, including maintenance practices, build workflow safety, and the use of security tools. Investigate additional areas specific to NuGet packages, such as reproducibility, .NET API usage, and codebase security reviews. Gain practical knowledge on how to leverage these tools and insights to make informed decisions about package selection, ultimately enhancing the security of your own applications and supply chain.
Syllabus
Reviewing NuGet Packages security easily using OpenSSF Scorecard - Niels Tanis - NDC Oslo 2024
Taught by
NDC Conferences