NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th
Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April,...
The Microsoft author signing certificate will be updated as soon as November...
Action required: If you validate that packages are author signed by Microsoft using a NuGet client policy or the NuGet.exe verify command, please follow these steps by November 1st, 2020 to avoid...
The NuGet.org repository signing certificate will be updated as soon as March...
Action required: If you validate that packages are repository signed by NuGet.org using a NuGet client policy, NuGet.exe verify command, or the dotnet nuget verify command, please follow these steps by...
How to Scan NuGet Packages for Security Vulnerabilities
Open Source is everywhere. It is in many proprietary codebases and community projects. For organizations and individuals, the question today is not whether you are or are not using open-source code,...
.NET 5 NuGet Restore Failures on Linux distributions using NSS or...
We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates...
Introducing Package Source Mapping
We’re happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by...
Requiring two-factor authentication on NuGet.org
Summary. Over the past few years, we have continually invested in strengthening the supply-chain security for .NET packages. To strengthen the ecosystem further, NuGet.org will begin requiring...
HTTPS everywhere
Safety guaranteed. As an ongoing effort to make HTTPS everywhere a reality for NuGet, we have taken a number of steps to help protect your everyday package management experiences. Earlier this year, a...
Introducing Transitive Dependencies in Visual Studio
We heard from you that direct dependencies are easy to track, but that you struggle with tracking transitive dependencies. We want to make that easier for the day-to-day management of your NuGet...
HTTPS Everywhere Update
Mistakes were made. When we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don’t have much...
Building a Safer Future – How NuGet is Tackling Software Supply Chain Threats
Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It’s essential to ensure...
NuGetAudit 2.0: Elevating Security and Trust in Package Management
Introduction. In November 2023 (NuGet 6.8, Visual Studio 17.8, .NET SDK 8.0.100), we released NuGet Audit. NuGet Audit provides warnings during restore when a package with a known vulnerability is used...
OpenSSF Scorecard for .NET and the NuGet ecosystem
OpenSSF Scorecard is a tool developed by the Open Source Security Foundation (OpenSSF) that provides automated security assessments for open-source projects. The primary goal of the Scorecard project...