Assessing NuGet Packages with Security Scorecards

Explore the critical topic of assessing NuGet packages for security risks in this 54-minute conference talk from NDC Security in Oslo. Learn about the importance of evaluating third-party code, which often comprises up to 80% of modern applications. Discover how OpenSSF Scorecards can provide a "nutrition label" for software packages, helping developers make informed decisions about their dependencies. Examine various aspects of package security, including maintenance practices, build workflows, and the use of security tools. Delve into additional considerations specific to NuGet packages, such as reproducibility, .NET API usage, and code security reviews. Gain valuable insights to improve your ability to assess the security posture of NuGet packages and enhance your overall application security.

Assessing NuGet Packages more easily with Security Scorecards - Niels Tanis