profile
viewpoint
Curtis Carter digitalcoyote NorthEast Arkansas https://digitalcoyote.github.io/NuGetDefense/ Cross-Platform .Net Developer

digitalcoyote/chocolatey-packages 1

Template repository for Chocolatey Automatic Package Updater Module

digitalcoyote/allure2 0

The next generation of Allure Report, a flexible lightweight multi-language test report tool with the possibility to add steps, attachments, parameters and so on.

digitalcoyote/angular-split 0

Angular UI library used to split views and to allow dragging to resize the split areas using CSS flexbox layout.

digitalcoyote/audit.net 0

Identify known vulnerabilities in .net nuget dependencies

digitalcoyote/BaGet 0

A lightweight NuGet service implementation

digitalcoyote/Bogus 0

:card_index: A simple and sane fake data generator for C#, F#, and VB.NET. Based on and ported from the famed faker.js.

digitalcoyote/Bonobo-Git-Server 0

Bonobo Git Server for Windows is a web application you can install on your IIS and easily manage and connect to your git repositories. Go to homepage for release and more info.

digitalcoyote/BuildTaskNuGetPackageTemplate 0

A template for creating a NuGet Package that runs an exec task at build

digitalcoyote/Cake.Svn 0

Cake AddIn that extends Cake with Subversion features using SharpSvn

digitalcoyote/chocolatey-test-environment 0

A testing setup related to how the Chocolatey Package Verifier runs testing. Used for manual testing or prior to submission

push eventdigitalcoyote/CoyoteBuild

Curtis Carter

commit sha 8a60bfda375feb76c1e30561e8a5f737f44545d3

Setup UpdateSass

view details

push time in a day

startedadamhathcock/sharpcompress

started time in a day

push eventdigitalcoyote/CoyoteBuild

Curtis Carter

commit sha cff4ec619174634db84da097389a0a6a85b02f15

Update README.md

view details

push time in a day

create barnchdigitalcoyote/CoyoteBuild

branch : master

created branch time in a day

created repositorydigitalcoyote/CoyoteBuild

created time in a day

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha 7a55b426c50b494e32b6ec314c8306d5f43c8e00

Moved Functionality into NuGetDefense.Core

view details

push time in 2 days

created tagdigitalcoyote/NuGetDefense.Core

tag1.0.5.0

Core Functionality for NuGetDefense style packages

created time in 2 days

push eventdigitalcoyote/NuGetDefense.Core

Curtis Carter

commit sha 2375b6381bee9608c56ebccda188db6a98892f35

Moving Functionality From NuGetDefense Moving various static methods in NuGetDefense to NuGetDefense.Core in preparation for standalone scanners.

view details

push time in 2 days

created tagdigitalcoyote/BuildTaskNuGetPackageTemplate

tag0.0.0.2

A template for creating a NuGet Package that runs an exec task at build

created time in 2 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha feb2b36e5c191be37ca21a7833425cde584db3fe

Bumped Version Manually added file to nupkg as nuspec files are ignored when it looks for content files to pack

view details

push time in 2 days

created tagdigitalcoyote/BuildTaskNuGetPackageTemplate

tag0.0.0.1

A template for creating a NuGet Package that runs an exec task at build

created time in 2 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha fef9be13e915bcdd935f7105711887fa09c5b1ae

Create LICENSE

view details

Curtis Carter

commit sha f056e48a8d481166570fbb76ca690cac512059e7

Removed Extraneous Property Group

view details

Curtis Carter

commit sha a5dd8dcc5f283754eaf76a7912b59fee776b951a

Added `build` tag

view details

push time in 2 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha fef9be13e915bcdd935f7105711887fa09c5b1ae

Create LICENSE

view details

Curtis Carter

commit sha f056e48a8d481166570fbb76ca690cac512059e7

Removed Extraneous Property Group

view details

Curtis Carter

commit sha a5dd8dcc5f283754eaf76a7912b59fee776b951a

Added `build` tag

view details

Curtis Carter

commit sha 62ffa957310a5cfa3bd2600505caca4f051dcfd3

Added Package Template

view details

Curtis Carter

commit sha 28588e479a4e8279f39f846d5bdb027fb53cb2e6

0.0.0.1 Release

view details

push time in 2 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha c402f5309c59daf25ba29bf50fed72585d8d8b6c

Initial Release Changes Removed Pre-Release Removed extraneous property group Added `build` tag

view details

push time in 3 days

issue commentwarmuuh/milkman

choco install milkman-grpc isn't found

It's done by volunteers. I've seen new packages take upwards of 2 weeks. After they feel they can trust it, they'll mark it and it will bypass manual review.

shawnwildermuth

comment created time in 3 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 8b6cf359e73285864c599f02b5a92b387d6b5ed7

Create LICENSE

view details

Curtis Carter

commit sha 80a65adb4cb8812af6d1bd60a2f877f3b01d910b

Added Package Template

view details

push time in 3 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

push time in 3 days

delete branch digitalcoyote/BuildTaskNuGetPackageTemplate

delete branch : add-license-1

delete time in 3 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 8b6cf359e73285864c599f02b5a92b387d6b5ed7

Create LICENSE

view details

push time in 3 days

create barnchdigitalcoyote/BuildTaskNuGetPackageTemplate

branch : add-license-1

created branch time in 3 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 3071622edfd7cf0c7f451a2c40bcc044d099fbe0

Added Package Template

view details

push time in 3 days

create barnchdigitalcoyote/BuildTaskNuGetPackageTemplate

branch : package

created branch time in 3 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha dd6d78d796ad2a40bbb78c64789efd86064cb732

Removed Additional NuGetDefense References

view details

push time in 4 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 176cae6d524de183f5e98c2cdbcb6e33bd37451a

Initial commit Created from NuGetDefense

view details

push time in 4 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 98bff8af72be71e58ccf3f4673f3644ed5aa0403

Initial commit Created from NuGetDefense

view details

push time in 4 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha e4192315da6baae8b88c78949b9080db3adfd338

Initial commit Created from NuGetDefense

view details

push time in 4 days

created repositorydigitalcoyote/BuildTaskNuGetPackage.Template

Source for the `dotnet new nugetbuildtask` template

created time in 4 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 8252747f9f0b5947011e55e4348e8730aa36cbad

Initial commit Created from NuGetDefense

view details

push time in 4 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha 94ef45b312260ea0bccecf641eb56af825278ea1

Create README.md

view details

push time in 4 days

push eventdigitalcoyote/BuildTaskNuGetPackageTemplate

Curtis Carter

commit sha fbf89750ba451460fab6273756f5a115581ed4cd

Initial commit Created from NuGetDefense

view details

push time in 4 days

create barnchdigitalcoyote/BuildTaskNuGetPackageTemplate

branch : master

created branch time in 4 days

created repositorydigitalcoyote/BuildTaskNuGetPackageTemplate

A template for creating a NuGet Package that runs an exec task at build

created time in 4 days

startedwarmuuh/milkman

started time in 4 days

created tagdigitalcoyote/chocolatey-packages

tagdrawio-13.3.9

Template repository for Chocolatey Automatic Package Updater Module

created time in 4 days

release digitalcoyote/chocolatey-packages

drawio-13.3.9

released time in 4 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha 1d86cf08fac8fde436decd4d377576aa0ec8ea47

AU: 1 updated - drawio [skip ci]

view details

push time in 4 days

issue closeddigitalcoyote/chocolatey-packages

n3dr

closed time in 4 days

030

issue commentdigitalcoyote/chocolatey-packages

n3dr

PR has been merged. It won't take effect until the next release though. If it's necessary for someone that this release is embedded, I can force an update before it's reviewed or I can force an update post-review.

030

comment created time in 4 days

push eventdigitalcoyote/chocolatey-packages

TheCakeIsNaOH

commit sha b3121bdde9053aaba773c5e73e3f919057975f42

(GH-4) n3dr include binary in package

view details

TheCakeIsNaOH

commit sha edc323643cd5068bbb92911068d4c2fb7ba00723

Remove nocheckchocoversion from n3dr AU

view details

push time in 4 days

Pull request review commentdigitalcoyote/chocolatey-packages

(GH-4) n3dr include binary in package

 function global:au_GetLatest {   $url = $download_page.links | Where-Object href -match $regex | Select-Object -First 1 -expand href   $version = $url -split '\/' | Select-Object -Last 1   $url = "https://github.com/030/n3dr/releases/download/$version/n3dr-windows"-  return @{ Version = $version; URL = $url; ChecksumType32 = 'sha512';}+  return @{ Version = $version; URL32 = $url; ChecksumType32 = 'sha512'; FileType = 'exe';} } -Update-Package -ChecksumFor 32+Update-Package  -ChecksumFor none -nocheckchocoversion

Remove the -nocheckchocoversion

I use this and Force on special occasions but I generally prefer not to have it attempt to push a package if a version is already uploaded.

TheCakeIsNaOH

comment created time in 5 days

push eventdigitalcoyote/chocolatey-packages

Curtis Carter

commit sha c877171b1faf4e06ee4f7d0f06fdd486f3ee1a35

Corrected ID in Update script of milkman-cassandra Copypasta error

view details

push time in 5 days

pull request commentdigitalcoyote/chocolatey-packages

(GH-4) n3dr include binary in package

Other than that one change, this looks good.

TheCakeIsNaOH

comment created time in 5 days

issue commentwarmuuh/milkman

choco install milkman-grpc isn't found

milkman-grpc has been added to chocolatey. I'll make sure to add cassandra and update the milkman-plugins package later. I have them ready, but it appears I've forgotten to push them.

shawnwildermuth

comment created time in 6 days

push eventdigitalcoyote/chocolatey-packages

Curtis Carter

commit sha 7b3db2a02625afba9b4e479ee80e205339880a45

Added milkman Cassandra and grpc plugins

view details

Curtis Carter

commit sha a11579e88be60231419ed866d81821088f79f8ed

Updated Milkman-plugins to include the new plugins

view details

push time in 7 days

issue commentwarmuuh/milkman

choco install milkman-grpc isn't found

I'll try to add this in as soon as I get a chance. Might be later this week.

shawnwildermuth

comment created time in 7 days

issue commentdigitalcoyote/chocolatey-packages

n3dr

The "rate limiting" I was concerned with appears to be only for requests, so the size won't matter. I double-checked the license on n3dr and it should be no issue to embed it.

You can submit a PR or I'll try to get to this sometime in the next week or so. Unless @030 objects, I have no valid objections.

030

comment created time in 7 days

created tagdigitalcoyote/chocolatey-packages

tagdeno-1.1.3

Template repository for Chocolatey Automatic Package Updater Module

created time in 9 days

release digitalcoyote/chocolatey-packages

deno-1.1.3

released time in 9 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha b608af3b2ebfda2faa32fe8e341e3e459c272c85

AU: 1 updated - deno [skip ci]

view details

push time in 9 days

issue commentdigitalcoyote/chocolatey-packages

n3dr

That will be partially up to @030, but if I remember correctly that's not considered a best practice. I'll review the documentation for embedded binaries in packages when the binary is publicly available. I believe that since this would enlarge the size of the package, it could be slower than downloading as part of the install since chocolatey throttles free users to a degree (I'll have to recheck the documentation to make sure this is correct).

030

comment created time in 10 days

issue commentdigitalcoyote/chocolatey-packages

sourcetrail fails to update

I wasn't able to reproduce it on my windows VM. Any chance you can send me the log for that (be sure to double check it for sensitive data).

aminya

comment created time in 10 days

created tagdigitalcoyote/chocolatey-packages

tagoh-my-posh-2.0.443

Template repository for Chocolatey Automatic Package Updater Module

created time in 10 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha 4474369adfe47aa4de211dc41a286d8e7da78227

AU: 1 updated - oh-my-posh [skip ci]

view details

push time in 10 days

release digitalcoyote/chocolatey-packages

oh-my-posh-2.0.443

released time in 10 days

created tagdigitalcoyote/chocolatey-packages

tagsidequest-0.10.10

Template repository for Chocolatey Automatic Package Updater Module

created time in 10 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha 4e4ef348c8e6d2996bed0738f01b07573f6afb64

AU: 1 updated - sidequest [skip ci]

view details

push time in 10 days

release digitalcoyote/chocolatey-packages

sidequest-0.10.10

released time in 10 days

issue commentdigitalcoyote/chocolatey-packages

sourcetrail fails to update

It will probably be tomorrow night before I can look at this. I assume this was installed/updated with the Chocolatey GUI?

aminya

comment created time in 11 days

issue commentdigitalcoyote/NuGetDefense

NuGet Dependency Scanning

1.0.8.0-beta has some basic support for Transitive Dependency checks for SDK Style PackageReferences. I've got a couple improvements planned already but feedback is welcome.

#Known issues:

  • does not include support for legacy .Net projects
  • although it hasn't been tested, I suspect multitarget projects will also face problems (or at least not be accurate).
  • there is a performance hit when enabling this check
  • default configuration is not ideal. I haven't settled on how defaults will be set, but I feel that the current default is not optimal.
digitalcoyote

comment created time in 11 days

created tagdigitalcoyote/chocolatey-packages

tagdrawio-13.3.5

Template repository for Chocolatey Automatic Package Updater Module

created time in 12 days

release digitalcoyote/chocolatey-packages

drawio-13.3.5

released time in 12 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha a3ffbc7a321739702b951febfd1e7d46f1755d79

AU: 1 updated - drawio [skip ci]

view details

push time in 12 days

PR closed digitalcoyote/NuGetDefense

Feature/package source readers Hold
  • file readers for packages.config and projectfiles extracted to new classes
  • introducing new reader to support dependencies from package.lock.json file
+544 -50

1 comment

16 changed files

marco-junge

pr closed time in 13 days

pull request commentdigitalcoyote/NuGetDefense

Feature/package source readers

Project has changed significantly since this PR. I'm about to be doing some heavy refactoring that will involve moving some of the functionality here into NuGetDefense.Core as well.

marco-junge

comment created time in 13 days

created tagdigitalcoyote/NuGetDefense

tag1.0.8.0-beta

An MSBuildTask that checks for known vulnerabilities. Inspired by OWASP SafeNuGet.

created time in 13 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha e3dd4cf7e84beab82e49624b4049bd91372881ef

Transitive Dependency Checking

view details

push time in 13 days

push eventdigitalcoyote/NuGetDefenseDocs

Curtis Carter

commit sha c1f64965371d725bee7c95242bd055513d50b9b7

Initial commit

view details

push time in 13 days

created tagdigitalcoyote/chocolatey-packages

tagsourcetrail-2020.2.43

Template repository for Chocolatey Automatic Package Updater Module

created time in 13 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha 661a029f25ac30ca4a1938afdce3bd59f5ccbaa2

AU: 1 updated - sourcetrail [skip ci]

view details

push time in 13 days

release digitalcoyote/chocolatey-packages

sourcetrail-2020.2.43

released time in 13 days

create barnchdigitalcoyote/NuGetDefenseDocs

branch : master

created branch time in 13 days

created repositorydigitalcoyote/NuGetDefenseDocs

Source for the documentation site for NuGetDefense

created time in 13 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha 926f181019bf13452f86340d9db99c1d24146625

adding docs/.nojekyll back

view details

push time in 14 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha 259db37143a406d15809c96e7086bbc990dd5c25

Update README.md Removing some parts of the readme in favor of docs site

view details

push time in 14 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha ad79f995f2cf8554b07d06a653de6560bd053ae7

Add /docs

view details

push time in 14 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha 4357df3c948d2ec93fc28cec9b92b0395c3ed800

testing .nojeklyll at root

view details

push time in 14 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha 7a7de1992debda52c6ce089e781f3b542c1c96a3

Add /docs

view details

push time in 14 days

push eventdigitalcoyote/NuGetDefense

Curtis Carter

commit sha 9773560acee238dca2dbf31366876c0a4aa03790

Add /docs

view details

push time in 14 days

issue openeddigitalcoyote/NuGetDefense

Authentication for OSS Index

What is the Feature? Please describe. OSS Index has support for authentication that can be used to increase the rate limiting threshold Use Case Users with many projects and/or frequent builds may hit rate limiting errors more often.

Describe alternatives you've considered N/A, this is suggested by OSS Index

Additional context https://ossindex.sonatype.org/doc/rest

created time in 14 days

push eventdigitalcoyote/NuGetDefense.NVD

Curtis Carter

commit sha 431c50d3981568455dfb7f2634906e6d23583cdd

Readability Improvements

view details

Curtis Carter

commit sha acd418a95662cbe92e3f6decba13e5599a795d2a

Ability to Specify Output Path

view details

push time in 14 days

issue commentdigitalcoyote/chocolatey-packages

informado

https://chocolatey.org/packages/informado awaiting review

030

comment created time in 15 days

created tagdigitalcoyote/chocolatey-packages

taginformado-1.3.0

Template repository for Chocolatey Automatic Package Updater Module

created time in 15 days

release digitalcoyote/chocolatey-packages

informado-1.3.0

released time in 15 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha f886466c56d28192928d14957da2b0dad4855e80

AU: 1 updated - informado [skip ci]

view details

push time in 15 days

push eventdigitalcoyote/chocolatey-packages

Curtis Carter

commit sha ddea50d8f8e0c6b255441a138e3dad64921f9cb7

Added Informado

view details

push time in 15 days

push eventdigitalcoyote/chocolatey-packages

Curtis Carter

commit sha 6574425e7324ad0f029ab59fd6f0278b783cab13

Added Informado

view details

push time in 15 days

created tagdigitalcoyote/chocolatey-packages

tagdeno-1.1.2

Template repository for Chocolatey Automatic Package Updater Module

created time in 16 days

push eventdigitalcoyote/chocolatey-packages

Chocolatey

commit sha 144e4c62009b2cb098549dc77bd442b254b49997

AU: 1 updated - deno [skip ci]

view details

push time in 16 days

release digitalcoyote/chocolatey-packages

deno-1.1.2

released time in 16 days

issue commentdigitalcoyote/chocolatey-packages

informado

I've suddenly realized how much I want a basic editor built into GitHub (like Code spaces. It may be a day or two before I can get to a dev environment to work on this...

That being said, if you want to ready a package like you did with n3rd, the only changes I had to make were:

  • using raw.githack.com's CDN for the iconurl
  • setting the version to 0.0.1 so the CD detects the current version on the first run.
030

comment created time in 16 days

issue commentdigitalcoyote/NuGetDefense

NuGet Dependency Scanning

https://www-zdnet-com.cdn.ampproject.org/v/s/www.zdnet.com/google-amp/article/more-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies/?amp_js_v=a3&amp_gsa=1&usqp=mq331AQFKAGwASA%3D#aoh=15931954448505&referrer=https%3A%2F%2Fwww.google.com&amp_tf=From%20%251%24s&ampshare=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fmore-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies%2F

Article related to the impact this could have.

digitalcoyote

comment created time in 16 days

issue commentdigitalcoyote/chocolatey-packages

multipass not working with chocolateygui

Can you try this again. I have a possible work-around, but I was able to install it with the Chocolatey GUI (Win 10 Pro 64-bit latest update). If not, if you are willing to test the install with a local package, I can send you one with the workaround.

jon-hedgerows

comment created time in 17 days

push eventdigitalcoyote/chocolatey-packages

Curtis Carter

commit sha 462076521c413246e31264e5e615c638fe10917b

Update README.md Added N3DR to ReadMe

view details

push time in 17 days

push eventdigitalcoyote/chocolatey-packages

Curtis Carter

commit sha f7f08aea77a21fe1eaab80bcd235b8930632b07b

Corrected PackageSourceURL for n3dr

view details

push time in 17 days

created tagdigitalcoyote/chocolatey-packages

tagdocto-1.3

Template repository for Chocolatey Automatic Package Updater Module

created time in 17 days

more