Safeguard
Tag

nuget

Safeguard articles tagged "nuget" — guides, analysis, and best practices for software supply chain and application security.

20 articles

Vulnerabilities

The Moq Vulnerability: What Happened and What to Do

The Moq incident wasn't a classic CVE — it was a popular .NET mocking library quietly bundling a data-collection dependency in a routine version bump, and it's a case study in why supply-chain monitoring has to watch behavior, not just version numbers.

Aug 15, 20245 min read
DevSecOps

NuGet Private Feed Security Hardening

Private NuGet feeds sit in the blind spot of most security programs. The hardening work is not glamorous but the failure modes are expensive.

Jul 30, 20247 min read
Open Source Security

NuGet Central Package Management Security

Central Package Management pulled NuGet's multi-project version chaos into a single source of truth. The security implications run deeper than the ergonomics suggest.

Jun 22, 20246 min read
Open Source Security

.NET Supply Chain Audit Patterns

Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.

May 18, 20246 min read
Best Practices

.NET 8 Supply Chain Improvements

.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.

Mar 10, 20245 min read
Open Source Security

NuGet Package Signing: Enterprise Rollout

Rolling NuGet package signing enforcement across a large .NET estate is a policy and tooling problem, not a cryptography problem. Here is how it actually goes.

Feb 25, 20246 min read
Dependency Security

.NET NuGet Package Security

Securing your .NET supply chain with NuGet package signing, lock files, and vulnerability scanning.

Feb 15, 20244 min read
Software Supply Chain Security

NuGet Package Tampering Detection: Securing the .NET Supply Chain

NuGet packages can be tampered with at multiple points in the supply chain. Here is how to detect and prevent package tampering in your .NET projects.

Jul 5, 20235 min read
nuget (Page 2) — Safeguard Blog