Generating SBOMs in NuGet packages with Microsoft.Sbom.Targets
How to use the Microsoft.SBOM.Targets NuGet package to produce a Software Bill of Materials (SBOM) during your release builds.
Topic
.NET Security
A collection of 4 issues
.NET code & nupkg signing in GitHub Actions
This guide will walk you through using a combination of GitHub actions and Entra managed identities to enable signing code and NuGet packages from within an action without needing to worry about access tokens.
Post Quantum Support in .NET
.NET 10 added ML-KEM, ML-DSA, SLH-DSA and Composite ML-KEM. Here I break down the support and its current limitations.
The year in .NET Security
A breakdown the year in .NET CVEs, including the code that caused the vulnerability, the fixes, and links to the GitHub PRs or commits that fixed the issues.