Microsoft has announced that NuGet now supports Trusted Publishing for publishing packages from GitHub Actions. Trusted Publishing is an authentication method that utilizes the OpenID Connect (OIDC) standard. Rather than using long-lived API tokens when publishing software packages, an OIDC identity token can be exchanged for a short-lived API token. It has been adopted by …
Black Duck adds new security app to GitHub Marketplace
The Black Duck Security GitHub App enables static application security testing (SAST) and software composition analysis (SCA) scans in GitHub repositories. Scans are triggered automatically by code commits and pull requests, and results are added as comments to the pull request if issues are detected. It …
Microsoft announced that NuGet 6.0 is being included in Visual Studio 2022 and .NET 6.0 out of the box. NuGet 6.0 can also be downloaded for macOS, Windows, and Linux as a standalone executable. The NuGet tooling assists developers in discovering new .NET packages to use for their .NET applications, while also making package management …
Microsoft has updated its Visual Studio 2017 Release Candidate with improvements to its .NET solutions. The .NET Core tools, .NET Native tools and NuGet are all getting new enhancements in the latest release. “We announced our intention last summer to bring more uniformity to .NET projects and .NET development,” wrote Rich Lander, program manager at …