MsBuild task to warn about insecure NuGet libraries
This branch is 30 commits ahead, 4 commits behind eoftedal:master.

eoftedal Merge pull request #17 from DudeSolutions/master
fix mustash.js to point to correct nuget id
Latest commit 7f52761 Apr 7, 2017


Type Name Latest commit message Commit time
DemoLib This commit contains the following enhancements : Feb 5, 2014
SafeNuGetTesting Fix xml element name typo in feed Jan 1, 2015
SafeNuget Allow access to feed behind a proxy Jan 1, 2015
feed fix mustash.js to point to correct nuget id Feb 23, 2017
nuget Fixing a bug and bumping version May 30, 2014
.gitattributes Committing repo and initiating git repo Jun 13, 2013
.gitignore Fixes #8 Adding configuration settings Feb 19, 2014
SafeNuget.sln Moving to OWASP Jun 17, 2013


OWASP SafeNuGet is an MsBuild task to warn about insecure NuGet libraries:

Use of libraries with known vulnerabilities is a big problem. So big, in fact, that it has now made it into the OWASP Top 10 2013, under A9 Using Known Vulnerable Components.


  1. Install the NuGet package
  2. Build


You can configure OWASP SafeNuGet by editing the packages/SafeNuGet.1.0.9/build/SafeNuGet.targets (replace the version number with the one you have installed).


  • CacheTimeInMinutes - how long the list of vulnerabilities is kept before being refreshed from GitHub
  • DontBreakBuild - (from 1.0.9) - if set to true, the build will not break even if a vulnerable package is found
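
Because DontBreakBuild turns a failing check into a warning, it is worth auditing the checked-in targets file in CI. The script below is an added example, not part of SafeNuGet: the sample XML layout, the `ExampleTask` name and the 60-minute threshold are assumptions, and only the two setting names come from this README.

```python
import xml.etree.ElementTree as ET

# Constructed sample, NOT the real SafeNuGet.targets: only the two setting
# names come from the README; the element layout here is an assumption.
SAMPLE_TARGETS = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="ExampleCheck" BeforeTargets="Build">
    <ExampleTask CacheTimeInMinutes="1440" DontBreakBuild="true" />
  </Target>
</Project>"""

SETTINGS = ("CacheTimeInMinutes", "DontBreakBuild")


def read_settings(xml_text):
    """Collect the settings whether they appear as attributes or as elements."""
    found = {}
    for elem in ET.fromstring(xml_text).iter():
        local = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if local in SETTINGS and elem.text and elem.text.strip():
            found[local] = elem.text.strip()
        for name, value in elem.attrib.items():
            if name in SETTINGS:
                found[name] = value.strip()
    return found


def audit(xml_text, max_cache_minutes=60):
    """Return findings that weaken the check; an empty list means enforcing."""
    settings = read_settings(xml_text)
    findings = []
    # Assumption: an absent DontBreakBuild means the build still breaks.
    if settings.get("DontBreakBuild", "false").lower() == "true":
        findings.append("DontBreakBuild=true: vulnerable packages no longer fail the build")
    cache = settings.get("CacheTimeInMinutes")
    if cache is not None:
        if not cache.isdigit():
            findings.append(f"CacheTimeInMinutes={cache!r} is not a literal number")
        elif int(cache) > max_cache_minutes:  # hypothetical policy threshold
            findings.append(f"CacheTimeInMinutes={cache}: list may be stale for up to {cache} minutes")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TARGETS):
        print("WARNING:", finding)
```
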

Want to contribute?

Great! If you want to contribute to the list of unsafe libraries, please create a pull request, register it as an issue or email me at

Code contributions are also very welcome. Fork and create a pull request.

Experience an issue?

Register it here on GitHub: issues
