{"id":24079678,"url":"https://digitalcoyote.github.io/NuGetDefense/","last_synced_at":"2025-09-16T13:30:47.150Z","repository":{"id":37534685,"uuid":"238089796","full_name":"digitalcoyote/NuGetDefense","owner":"digitalcoyote","description":"An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.","archived":false,"fork":false,"pushed_at":"2025-07-31T01:59:18.000Z","size":119144,"stargazers_count":96,"open_issues_count":10,"forks_count":20,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-31T10:38:05.643Z","etag":null,"topics":["dotnet","dotnet-cli","msbuild-task","nuget-packages","nugetdefense","scanning","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/digitalcoyote.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"Contributing.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"digitalcoyote","patreon":"codingcoyote","open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2020-02-04T00:21:04.000Z","updated_at":"2025-08-21T06:54:16.000Z","dependencies_parsed_at":"2022-07-14T06:30:34.306Z","dependency_job_id":"b537d2da-d757-49ff-b676-80ca21b080ea","html_url":"https://github.com/digitalcoyote/NuGetDefense","commit_stats":{"total_commits":245,"total_committers":8,"mean_commits":30.625,"dds":0.1959183673469388,"last_synced_commit":"7e27325fa7844ecc964048243e9502311a3597b1"},"previous_names":[],"tags_count":84,"template":false,
"template_full_name":null,"purl":"pkg:github/digitalcoyote/NuGetDefense","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcoyote%2FNuGetDefense","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcoyote%2FNuGetDefense/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcoyote%2FNuGetDefense/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcoyote%2FNuGetDefense/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/digitalcoyote","download_url":"https://codeload.github.com/digitalcoyote/NuGetDefense/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digitalcoyote%2FNuGetDefense/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275424781,"owners_count":25462344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-16T02:00:10.229Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dotnet","dotnet-cli","msbuild-task","nuget-packages","nugetdefense","scanning","vulnerability"],"created_at":"2025-01-09T22:01:19.094Z","updated_at":"2025-09-16T13:30:43.068Z","avatar_url":"https://github.com/digitalcoyote.png","language":"C#","funding_links":["https://github.com/sponsors/digitalcoyote","https://patreon.com/codingcoyote","https
://www.patreon.com/codingcoyote"],"categories":["DevOps"],"sub_categories":[],"readme":"# [![NuGetDefense](https://raw.githubusercontent.com/digitalcoyote/NuGetDefense/master/.github/images/logo.png)](https://digitalcoyote.github.io/NuGetDefense/)\n\n[![Join the chat at https://gitter.im/NuGetDefense/community](https://badges.gitter.im/NuGetDefense/community.svg)](https://gitter.im/NuGetDefense/community?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)  [![NuGet version](https://badge.fury.io/nu/NugetDefense.svg)](https://badge.fury.io/nu/NugetDefense)\n\nAn MSBuildTask that checks for known vulnerabilities. Inspired by [OWASP SafeNuGet](https://github.com/OWASP/SafeNuGet).\n\n## Docs\n\nView the full documentation for NuGetDefense [here](https://digitalcoyote.github.io/NuGetDefense/)\n\n4.x preview documentation can be found by running `dotnet /path/to/NuGetDefense.dll -?`\n\n\n## Features\n\n* Uses Multiple Sources to check for known vulnerabilities in third-party libraries (NuGet packages)\n    * [OSS Index](https://ossindex.sonatype.org/)\n    * [National Vulnerability Database](https://nvd.nist.gov/) (Optionally Self-Updating)\n        * This product uses the NVD API but is not endorsed or certified by the NVD.\n    * [GitHub Security Advisory Database](https://nvd.nist.gov/)\n* Simple installation/configuration: the [NuGet Package](https://www.nuget.org/packages/NuGetDefense/) is all you need.\n* dotnet Global Tool for those who want to run it manually or just in the CI\n* Transitive Dependency Checking\n    * SDK style projects only (older project format is not supported by the dotnet cli)\n    * Uses the versions resolved by the dotnet cli at build\n* Project Reference Scanning\n    * Scan all projects in a hierarchy by installing NuGet Defense to the top level package\n* Allow breaking the build based on severity of vulnerability.\n* Ignore specific vulnerabilities/packages.\n* Sensitive/Internal Packages 
filtering\n    * Don't send packages that are sensitive/internal to remote vulnerability sources\n* Caching to prevent excess calls and hitting rate limits on APIs\n* Blocklisting NuGet Packages\n* Allowlisting NuGet Packages\n* MIT Licensed\n    * Consumable NuGet packages for bundling NuGetDefense scanners into your own software\n\n## Requirements\n\n* NuGetDefense v3.x is built only in .NET 6.0 so you will need the runtime/SDK installed.\n* NuGetDefense v4.x is built only in .NET 8.0 so you will need the runtime/SDK installed.\n\n## Unsupported Versions\n\n* Official Support follows support for the underlying framework.\n* Supporters can request support of unsupported versions (such as v2.x running on .NET 5) but are advised to use a\n  supported runtime (for better overall security)\n    * older .NET projects can use 4.x as long as the .NET 8 runtime is installed.\n\n## How does it work?\n\nNuGetDefense is a bundled dotnet tool that runs using\nan [MSBuild ExecTask](https://docs.microsoft.com/en-us/visualstudio/msbuild/exec-task?view=vs-2019) after your project\nfinishes building.\n\n## Love it? Support it\n\nYou can sponsor this project on [GitHub](https://github.com/sponsors/digitalcoyote)\nand [Patreon](https://www.patreon.com/codingcoyote). The funds will be used to pay for software licenses and\ncloud/hardware costs that keep my projects running.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/digitalcoyote.github.io%2FNuGetDefense%2F","html_url":"https://awesome.ecosyste.ms/projects/digitalcoyote.github.io%2FNuGetDefense%2F","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/digitalcoyote.github.io%2FNuGetDefense%2F/lists"}