Download
Detects various security vulnerability patterns. SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc. Inter-procedural taint analysis for input data. Continuous Integration (CI) support for GitHub and GitLab pipelines. Stand-alone runner or through MSBuild for custom integrations. Analyzes .NET and .NET Core projects in the background (IntelliSense) or during a build. Works with Visual Studio 2019 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn-based analyzers like Rider or OmniSharp should work too. Security Code Scan (SCS) is not a Linter. It is a real static analysis tool that does extensive computations. Thus installing it as a Visual Studio extension or NuGet package will slow down your Visual Studio IDE.
Features
- Detects various security vulnerability patterns
- Inter-procedural taint analysis for input data
- Continuous Integration (CI) support for GitHub and GitLab pipelines
- Stand-alone runner or through MSBuild for custom integrations
- Analyzes .NET and .NET Core projects in a background (IntelliSense) or during a build
- Works with Visual Studio 2019 or higher
Project Samples
