security

Dec 11, 2022 4 min read

.Net static code analysis in Azure DevOps with Security Code Scan

You've probably heard about other SAST tools like SonarQube, but since Security Code Scan is a lesser known tool I'll start off with a list of reasons why you might consider using it.

img of Checking for vulnerabilities in transitive NuGet dependencies

Dec 8, 2022 4 min read

Security

Checking for vulnerabilities in transitive NuGet dependencies

Have you ever wondered if your dependency scanning is checking for vulnerabilities beyond your immediate package references?