nuget
Safeguard articles tagged "nuget" — guides, analysis, and best practices for software supply chain and application security.
20 articles
The Moq Vulnerability: What Happened and What to Do
The Moq incident wasn't a classic CVE — it was a popular .NET mocking library quietly bundling a data-collection dependency in a routine version bump, and it's a case study in why supply-chain monitoring has to watch behavior, not just version numbers.
NuGet Private Feed Security Hardening
Private NuGet feeds sit in the blind spot of most security programs. The hardening work is not glamorous but the failure modes are expensive.
NuGet Central Package Management Security
Central Package Management pulled NuGet's multi-project version chaos into a single source of truth. The security implications run deeper than the ergonomics suggest.
.NET Supply Chain Audit Patterns
Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.
.NET 8 Supply Chain Improvements
.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.
NuGet Package Signing: Enterprise Rollout
Rolling NuGet package signing enforcement across a large .NET estate is a policy and tooling problem, not a cryptography problem. Here is how it actually goes.
.NET NuGet Package Security
Securing your .NET supply chain with NuGet package signing, lock files, and vulnerability scanning.
NuGet Package Tampering Detection: Securing the .NET Supply Chain
NuGet packages can be tampered with at multiple points in the supply chain. Here is how to detect and prevent package tampering in your .NET projects.