NuGet Use HTTPS with remote repositories

ID

use_https_remote_repositories_nuget

Severity

low

Family

Use HTTPS with remote repositories

Tags

reachable

Description

The access to remote repositories must be used with HTTPS protocol.

Security

If you use https protocol man-in-the-middle attacks can be avoided.

Examples

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="contoso.com" value="http://contoso.com/packages/" />
  </packageSources>

  ...
</configuration>

Mitigation / Fix

You can remove the repositories from the configuration files or use HTTPS protocol if it is available.