CHG.Extensions.Security.Txt 1.1.1

Prefix Reserved
.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package CHG.Extensions.Security.Txt --version 1.1.1
                    


                    

                
NuGet\Install-Package CHG.Extensions.Security.Txt -Version 1.1.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="CHG.Extensions.Security.Txt" Version="1.1.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="CHG.Extensions.Security.Txt" Version="1.1.1" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="CHG.Extensions.Security.Txt" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add CHG.Extensions.Security.Txt --version 1.1.1
                    


                    

                
#r "nuget: CHG.Extensions.Security.Txt, 1.1.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package CHG.Extensions.Security.Txt@1.1.1
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=CHG.Extensions.Security.Txt&version=1.1.1
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=CHG.Extensions.Security.Txt&version=1.1.1
                    


                            Install as a Cake Tool

CHG.Extensions.Security.Txt

Build NuGet Version License

Maintainability Rating Reliability Rating Security Rating Bugs Vulnerabilities Coverage

Provides a middleware to represent the "security.txt" for ASP.NET Core applications. Security.txt is a proposed standard which allows websites to define security policies, more details see https://securitytxt.org/.

The security.txt page will be shown under /.well-known/security.txt. Optionally, the url /security.txt will be redirected to the main url.

Usage

Install the NuGet package CHG.Extensions.Security.Txt. There are 3 ways the content of the security.txt can be defined.

public void ConfigureServices(IServiceCollection services)
{
   ...
    services.AddSecurityText(builder => ...);
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    ...
    app.UseSecurityText();
    ...
    app.UseMvc();
}

Using a pre-defined text file

You can use a predefined text file which is deployed with your application.

public void ConfigureServices(IServiceCollection services)
{
   ...

    services.AddSecurityText(builder =>
       builder.ReadFromFile(Environment.WebRootFileProvider.GetFileInfo("companySecurityinfo.txt"))
    );

    // or via path
     services.AddSecurityText(builder =>
       builder.ReadFromFile("./content/companySecurityinfo.txt"))
    );
   ...
}

Using values from configuration file

It's also possible to read the fields from the configuration.

public void ConfigureServices(IServiceCollection services)
{
    ...

    services.AddSecurityText(builder =>
       builder.ReadFromConfiguration(Configuration.GetSection("SecurityText"))
    );
}

The json configuration file should look like:

{
  "SecurityText": {
    "Introduction": "The ACME Security information.",
    "Contact": "mailto:security@example.com;tel:+1-201-555-0123",
    "Encryption": "https://example.com/pgp-key.txt",
    "Signature": "https://example.com/.well-known/security.txt.sig",
    "Policy": "https://example.com/security-policy.html",
    "Acknowledgments": "https://example.com/hall-of-fame.html",
    "Hiring": "https://example.com/jobs.html",
    "Permission": "none",
    "ValidateValues": true
  }
}

or

{
  "SecurityText": {
    "Redirect": "https://example.com/.well-known/security.txt"
  }
}

Using code to define values

The fields can also be set via code:

public void ConfigureServices(IServiceCollection services)
{
...
    services.AddSecurityText(builder => { builder
        .SetContact("mailto:security@example.com")
        .SetPolicy("https://example.com/security-policy.html");
    });

    // or as a redirect
    services.AddSecurityText(builder => { builder
        .SetRedirect("https://example.com/.well-known/security.txt");
    });
}

Validation

Per default all values (except when given via file) will be validated. The validation can be disabled either via the ValidateValues configuration key when using config file or via the DisableValidation method.

Code of Conduct

This project and everyone participating in it is governed by the CHG-MERIDIAN Code of Conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to developers@chg-meridian.com.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.1.1 931 10/1/2024
1.0.3 21,095 6/26/2020
1.0.2 589 6/26/2020
1.0.1 571 6/25/2020
1.0.0 732 3/12/2019
0.2.1 674 3/8/2019
0.2.0 796 1/10/2019
0.1.1 907 9/14/2018
0.1.0 878 9/11/2018