An MSBuild task that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.
- SafeNuGet hasn't seen a new commit in years and isn't able to keep up with vulnerable packages.
- SafeNuGet doesn't have a license (at all).
- A pure MSBuild task should not use dependencies and cannot get the desired results without them.
- Uses OSS Index to check for Open Source Software vulnerabilities.
- MIT Licensed
- Simple installation/configuration: a single NuGet package is all you need.
- Reference the National Vulnerability Database.
- Allow breaking the build based on severity of vulnerability.
- Ignore specific vulnerabilities/packages.
Currently NuGetDefense is built only for .NET Core 3.1, so you will need that runtime/SDK installed.
NuGetDefense is a bundled dotnet tool that runs from an MSBuild Exec task after your project finishes building.
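The severity gate and ignore list from the feature list above, as an added example that is not NuGetDefense's own code: it applies a CVSS threshold and an ignore list to a constructed report shaped like an OSS Index component report (the field names `coordinates`, `vulnerabilities`, `id` and `cvssScore` are assumed here, and all package names, ids and scores are made up), then exits non-zero so an MSBuild Exec task fails the build.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class SeverityGate
{
    // Constructed sample in the shape of an OSS Index component report.
    // Coordinates, vulnerability ids and CVSS scores are all made up.
    const string SampleReport = @"[
      {""coordinates"": ""pkg:nuget/Example.Lib@1.0.0"",
       ""vulnerabilities"": [
         {""id"": ""EXAMPLE-0001"", ""title"": ""Sample high"", ""cvssScore"": 8.1},
         {""id"": ""EXAMPLE-0002"", ""title"": ""Sample low"", ""cvssScore"": 3.2}]},
      {""coordinates"": ""pkg:nuget/Example.Other@2.3.0"",
       ""vulnerabilities"": [
         {""id"": ""EXAMPLE-0003"", ""title"": ""Sample critical"", ""cvssScore"": 9.8}]}
    ]";

    // Returns the findings that should break the build: CVSS at or above the
    // threshold, not on the ignored-id list, and not from an ignored package.
    public static List<string> FindingsToFail(string reportJson, double failAtCvss,
        ISet<string> ignoredIds, ISet<string> ignoredPackages)
    {
        var failing = new List<string>();
        using var doc = JsonDocument.Parse(reportJson);
        foreach (var component in doc.RootElement.EnumerateArray())
        {
            var coords = component.GetProperty("coordinates").GetString();
            if (ignoredPackages.Contains(coords)) continue;
            if (!component.TryGetProperty("vulnerabilities", out var vulns)) continue;
            foreach (var v in vulns.EnumerateArray())
            {
                var id = v.GetProperty("id").GetString();
                var score = v.GetProperty("cvssScore").GetDouble();
                if (score >= failAtCvss && !ignoredIds.Contains(id))
                    failing.Add($"{coords}: {id} (CVSS {score})");
            }
        }
        return failing;
    }

    public static int Main()
    {
        // Fail at CVSS 7.0 or higher, but ignore one specific finding by id.
        var failing = FindingsToFail(SampleReport, 7.0,
            new HashSet<string> { "EXAMPLE-0003" }, new HashSet<string>());
        foreach (var f in failing) Console.Error.WriteLine("error: " + f);
        // A non-zero exit code is what makes an MSBuild Exec task fail the build.
        return failing.Count == 0 ? 0 : 1;
    }
}
```

With the sample data only EXAMPLE-0001 remains after the threshold and ignore list are applied, so the program exits with code 1.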
You can click the sponsor button at the top of this repo or sponsor this project on GitHub and Patreon. The funds will be used to pay for software licenses and cloud/hardware costs that keep my projects running.