Learn about patterns for securing your containers with a non-root user, and changes to .NET container images in .NET 8 to enable this behavior.
.NET has changed a lot over the last few years. Learn why you should choose it for your next project.
Turn Visual Studio into a one-stop-shop for your security and performance needs with Infer#
We heard from you that direct dependencies are easy to track, but that you struggle with tracking transitive dependencies. We want to make that easier for the day-to-day management of your NuGet packages in Visual Studio. To help you track transitive dependencies and remediate vulnerabilities quickly with SDK-style projects, we are introducing an ...
Safety guaranteed As an ongoing effort to make HTTPS everywhere a reality for NuGet, we have taken a number of steps to help protect your everyday package management experiences. Earlier this year, a security fact sheet from The White House reinforced companies to take action to secure our software supply chains. HTTPS and SSL not only encrypt o...
NuGet.org will begin requiring two-factor authentication for accounts starting March 8th.
Yesterday, we are released the January 2022 Security and Quality Rollup Updates for .NET Framework. Security CVE-2022-21911 – .NET Framework Denial of Service This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. Quality and Reliability This release contains the...
We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.
We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates packages are installed.
Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.
