chore(common): link security resources for nuget feed setup

marin-bratanov · marin-bratanov · commit 7e6593dd73ba · 2021-03-21T19:16:48.000+02:00
diff --git a/_contentTemplates/common/issues-and-warnings.md b/_contentTemplates/common/issues-and-warnings.md
@@ -22,3 +22,15 @@ Open the Client `.csproj` file and ensure that the following switch is present.
 >note For performance reasons, the component does not re-render after this event, even though it is an `EventCallback`. This means that you cannot change its settings such as dimensions, or settings/parameters of child components in it.
 #end
 
+
+#nuget-security-links
+You may find useful the following Microsoft articles on securing your NuGet feed setup and supply chain as general best practices:
+
+* <a href="https://devblogs.microsoft.com/nuget/lock-down-your-dependencies-using-configurable-trust-policies/" target="_blank">Lock down your dependencies using configurable trust policies - Blog Post</a>
+
+* <a href="https://devblogs.microsoft.com/nuget/how-to-scan-nuget-packages-for-security-vulnerabilities/" target="_blank">How to Scan NuGet Packages for Security Vulnerabilities - Blog Post</a>
+
+* <a href="https://docs.microsoft.com/en-us/nuget/concepts/security-best-practices" target="_blank">Best practices for a secure software supply chain - MSDN docs</a>
+
+Telerik is working on providing signed packages that you can verify, you can Follow the status of this enhancement <a href="https://feedback.telerik.com/blazor/1510495-provide-signed-nuget-packages" target="_blank">here</a>.
+#end
diff --git a/deployment/ci-cd-build-server.md b/deployment/ci-cd-build-server.md
@@ -100,6 +100,13 @@ Finally, you need a `nuget.config` file that lists the Telerik server in the `pa
 
 >warning GitHub does not allow secrets to be used in workflows that have been [triggered by a pull request event](https://docs.github.com/en/actions/reference/events-that-trigger-workflows). In such a case, the runner will not be able to authenticate with the Telerik NuGet server and the job will expectedly fail.
 
+
+
+## Further Reading
+
+@[template](/_contentTemplates/common/issues-and-warnings.md#nuget-security-links)
+
+
 ## See Also
 
 * [Blog Post: Azure DevOps and Telerik NuGet Packages](https://www.telerik.com/blogs/azure-devops-and-telerik-nuget-packages)
diff --git a/installation/nuget.md b/installation/nuget.md
@@ -103,7 +103,9 @@ To use a `nuget.config` file for the Telerik feed, you need to:
 @[template](/_contentTemplates/common/get-started.md#after-install)
 
 
+## Further Reading
 
+@[template](/_contentTemplates/common/issues-and-warnings.md#nuget-security-links)
 
 ## See Also
 
