OneBranch SDL
SDL violations for NuGet Multifeed Config
Symptoms
You get S360 violations for SDL, or your OneBranch builds are breaking.
Cause
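The Template project creates NuGet config files that list artifact feeds for both azure-sdk-for-net and nuget.org. Having multiple feeds is a security vulnerability and violates the SDL: when a package can be resolved from more than one source, a package with the same name on another feed can be pulled in place of the intended one (dependency confusion).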
Workaround
Create your own ADO Artifact Feed, and add https://api.nuget.org/v3/index.json and azure-feed://azure-sdk/public/azure-sdk-for-net@Local as upstream feeds. This lets you specify only your own package feed in the NuGet config and have that feed pull from the upstream feeds.
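To confirm that a NuGet config ends up with a single feed after applying the workaround, the check below can be run against it. It is an added example, not OneBranch or S360 tooling; both sample configs are constructed, the EXAMPLE-* values are placeholders, and the two checks (exactly one source, preceded by `<clear />`) are this example's assumption of what a single-feed config looks like.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a two-feed config of the kind the Cause section describes.
MULTI_FEED = """<configuration>
  <packageSources>
    <add key="azure-sdk-for-net" value="https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json" />
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>"""

# Constructed sample: one feed only; EXAMPLE-* values are placeholders.
SINGLE_FEED = """<configuration>
  <packageSources>
    <clear />
    <add key="my-feed" value="https://pkgs.dev.azure.com/EXAMPLE-ORG/EXAMPLE-PROJECT/_packaging/EXAMPLE-FEED/nuget/v3/index.json" />
  </packageSources>
</configuration>"""


def audit_nuget_config(xml_text):
    """Return a list of findings; an empty list means one explicit feed."""
    root = ET.fromstring(xml_text)
    sources = root.find("packageSources")
    if sources is None:
        return ["no <packageSources>: feeds come from inherited configs"]
    findings = []
    children = list(sources)
    # Without a leading <clear />, feeds from user/machine configs still apply.
    if not children or children[0].tag != "clear":
        findings.append("missing leading <clear />: inherited feeds still apply")
    # Only <add> entries after the last <clear /> are effective.
    effective = {}
    for child in children:
        if child.tag == "clear":
            effective = {}
        elif child.tag == "add":
            effective[child.get("key", "")] = child.get("value")
    if len(effective) != 1:
        names = ", ".join(sorted(effective)) or "none"
        findings.append(f"{len(effective)} package sources configured ({names}); expected exactly 1")
    return findings


if __name__ == "__main__":
    for name, text in (("multi-feed", MULTI_FEED), ("single-feed", SINGLE_FEED)):
        print(name, audit_nuget_config(text) or "OK")
```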