Safeguard
Tag

dotnet

Safeguard articles tagged "dotnet" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Open Source Security

How Snyk scans NuGet and .NET project files for vulnerabl...

How Snyk resolves NuGet and .NET dependency graphs from csproj, packages.config, and project.assets.json files to find vulnerable packages.

Aug 24, 20257 min read
Open Source Security

dotnet restore Reproducibility Concerns

dotnet restore is supposed to be deterministic. In practice it is deterministic in ways that matter less and non-deterministic in ways that matter more.

Oct 12, 20247 min read
Open Source Security

.NET Source Generator Security Risks

Source generators are C# code that executes during compilation with developer privileges. The .NET equivalent of Rust's proc macros — and the same underexamined attack surface.

Sep 5, 20246 min read
Vulnerability Management

NuGet Package Vulnerabilities Dashboard

Listing every CVE in your NuGet dependency tree is easy. Turning it into a dashboard someone can act on is the work. A practical design.

Aug 15, 20245 min read
DevSecOps

NuGet Private Feed Security Hardening

Private NuGet feeds sit in the blind spot of most security programs. The hardening work is not glamorous but the failure modes are expensive.

Jul 30, 20247 min read
Open Source Security

NuGet Central Package Management Security

Central Package Management pulled NuGet's multi-project version chaos into a single source of truth. The security implications run deeper than the ergonomics suggest.

Jun 22, 20246 min read
Open Source Security

.NET Supply Chain Audit Patterns

Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.

May 18, 20246 min read
Open Source Security

NuGet Package Signing: Enterprise Rollout

Rolling NuGet package signing enforcement across a large .NET estate is a policy and tooling problem, not a cryptography problem. Here is how it actually goes.

Feb 25, 20246 min read
Dependency Security

.NET NuGet Package Security

Securing your .NET supply chain with NuGet package signing, lock files, and vulnerability scanning.

Feb 15, 20244 min read
dotnet (Page 3) — Safeguard Blog