OWASP SafeNuGet is an MSBuild task that warns about insecure NuGet libraries: https://nuget.org/packages/SafeNuGet/
- Install the NuGet package
You can configure OWASP SafeNuGet by editing packages/SafeNuGet.1.0.9/build/SafeNuGet.targets (replace the version number with the one you have installed).
- CacheTimeInMinutes - how long the list of vulnerabilities is kept before being refreshed from GitHub
- DontBreakBuild (from 1.0.9) - if set to true, the build will not break even if a vulnerable package is found
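A CI-side check of these two settings, as an added example that is not part of the SafeNuGet project: it reads a SafeNuGet.targets file and reports when DontBreakBuild is true or the cache time exceeds a local limit. It assumes the settings appear as XML attributes or elements under the names above; the task element name in the sample and the 60-minute limit are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

SETTINGS = ("CacheTimeInMinutes", "DontBreakBuild")

# Constructed sample; the task element name and file layout are assumptions.
SAMPLE = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="AfterBuild">
    <ExampleSafeNuGetTask CacheTimeInMinutes="1440" DontBreakBuild="true" />
  </Target>
</Project>"""


def read_settings(targets_xml):
    """Collect the two settings, whether written as attributes or as elements."""
    found = {}
    for elem in ET.fromstring(targets_xml).iter():
        local = elem.tag.rsplit("}", 1)[-1]  # drop the MSBuild XML namespace
        if local in SETTINGS and elem.text and elem.text.strip():
            found[local] = elem.text.strip()
        for name, value in elem.attrib.items():
            if name in SETTINGS:
                found[name] = value.strip()
    return found


def audit(targets_xml, max_cache_minutes=60):
    """Return findings; max_cache_minutes is a local policy value (assumed)."""
    settings = read_settings(targets_xml)
    findings = []
    if settings.get("DontBreakBuild", "").lower() == "true":
        findings.append("DontBreakBuild=true: a vulnerable package will not break the build")
    cache = settings.get("CacheTimeInMinutes")
    if cache is not None and not cache.isdigit():
        findings.append(f"CacheTimeInMinutes={cache!r} is not a literal number; check it by hand")
    elif cache is not None and int(cache) > max_cache_minutes:
        findings.append(f"CacheTimeInMinutes={cache}: vulnerability list may be stale "
                        f"for more than {max_cache_minutes} minutes")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    results = audit(text)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it with the path to the installed SafeNuGet.targets as the only argument; a non-zero exit code means at least one finding.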
Want to contribute?
Code contributions are also very welcome. Fork and create a pull request.
Experiencing an issue?
Register it on GitHub under issues.