Showing results for Security - The NuGet Blog

Jul 17, 2024
11
4

NuGetAudit 2.0: Elevating Security and Trust in Package Management

Andy Zivkovic Jon Douglas
Andy,
Jon

Introduction In November 2023 (NuGet 6.8, Visual Studio 17.8, .NET SDK 8.0.100), we released NuGet Audit. NuGet Audit provides warnings during restore when a package with a known vulnerability is used by a project. More information about NuGet Audit, including detailed configuration options can be found on our learn website. New features are still...

NuGetFeature AnnouncementSecurity
Jul 16, 2024
0
3

Building a Safer Future – How NuGet is Tackling Software Supply Chain Threats

Jon Douglas
Jon Douglas

Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It's essential to ensure the software ecosystem is secure, focusing on protecting .NET developers who design, build, and maintain the critical software we all use. As the home...

NuGetNuGet.orgSecurity
Sep 19, 2023
7
4

HTTPS Everywhere Update

Jon Douglas
Jon Douglas

Mistakes were made When we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don't have much everyday visibility of. After we published that blog, we heard you loud and clear that there was a gap. This plan needed a clear way to suppress the ...

NuGetSecurityOther announcements
Aug 9, 2022
4
5

Introducing Transitive Dependencies in Visual Studio

Jon Douglas Jean-Pierre Briedé
Jon,
Jean-Pierre

We heard from you that direct dependencies are easy to track, but that you struggle with tracking transitive dependencies. We want to make that easier for the day-to-day management of your NuGet packages in Visual Studio. To help you track transitive dependencies and remediate vulnerabilities quickly with SDK-style projects, we are introducing an ...

NuGetFeature AnnouncementVisual Studio
Aug 9, 2022
15
1

HTTPS everywhere

Jon Douglas
Jon Douglas

Safety guaranteed As an ongoing effort to make HTTPS everywhere a reality for NuGet, we have taken a number of steps to help protect your everyday package management experiences. Earlier this year, a security fact sheet from The White House reinforced companies to take action to secure our software supply chains. HTTPS and SSL not only encrypt ...

NuGetSecurityOther announcements
Sep 15, 2021
4
0

Introducing Package Source Mapping

Nikolche Kolev
Nikolche Kolev

We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.

Feature AnnouncementNuGetSecurity
Mar 2, 2021
27
2

How to Scan NuGet Packages for Security Vulnerabilities

Drew Gillies
Drew Gillies

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

NuGetNuGet.orgFeature Announcement