Skip to content

OWASP/SafeNuGet

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits

DemoLib

DemoLib

 
 

SafeNuGetTesting

SafeNuGetTesting

 
 

SafeNuget

SafeNuget

 
 

feed

feed

 
 

nuget

nuget

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

SafeNuget.sln

SafeNuget.sln

 
 

Repository files navigation

OWASP SafeNuGet

OWASP SafeNuGet is an MsBuild task to warn about insecure NuGet libraries: https://nuget.org/packages/SafeNuGet/

Use of libraries with known vulnerabilities is a big problem. So big in fact it has now made it to the OWASP Top 10 2013. It's under A9 Using Known Vulnerable Components.

Installation

  1. Install the NuGet package
  2. Build

Configuring

You can configure OWASP SafeNuGet by editing the packages/SafeNuGet.1.0.9/build/SafeNuGet.targets (replace the version number with the one you have installed).

Settings:

  • CacheTimeInMinutes - how long the list of vulnerabilities should be kept before being refreshed from github
  • DontBreakBuild - (from 1.0.9) - If set to true, will not break build even though vulnerable package is found

Want to contribute?

Great! If you want to contribute to the list of unsafe libraries, please create a pull request, register it as an issue or email me at erlend.oftedal@owasp.org.

Code contributions are also very welcome. Fork and create a pull request.

Experience an issue?

Register it here at github: issues

About

MsBuild task to warn about insecure NuGet libraries

Resources

Readme
Activity
Custom properties

Stars

96 stars

Watchers

17 watching

Forks

21 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C# 100.0%