SecurityCodeScan 3.3.0

Security static code analyzer for .NET

Requires NuGet 2.8 or higher.

Install-Package SecurityCodeScan -Version 3.3.0
dotnet add package SecurityCodeScan --version 3.3.0
<PackageReference Include="SecurityCodeScan" Version="3.3.0">
  <PrivateAssets>all</PrivateAssets>
  <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add SecurityCodeScan --version 3.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Security static code analyzer for .NET

Website

  • Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.

  • Taint analysis to track user input data.

  • One click refactoring for some vulnerabilities.

  • Analyzes .NET and .NET Core projects in a background (IntelliSense) or during a build.

  • Continuous Integration (CI) through MSBuild. For Unix CI runners please use VS2017 nuget package.

  • Works with Visual Studio 2015 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn based analyzers like Rider or OmniSharp should work too.

  • Open Source

Security static code analyzer for .NET

Website

  • Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.

  • Taint analysis to track user input data.

  • One click refactoring for some vulnerabilities.

  • Analyzes .NET and .NET Core projects in a background (IntelliSense) or during a build.

  • Continuous Integration (CI) through MSBuild. For Unix CI runners please use VS2017 nuget package.

  • Works with Visual Studio 2015 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn based analyzers like Rider or OmniSharp should work too.

  • Open Source

Release Notes

https://security-code-scan.github.io/#ReleaseNotes

Dependencies

This package has no dependencies.

Showing the top 1 GitHub repositories that depend on SecurityCodeScan:

Repository Stars
dotnet/orleans
Orleans - Distributed Virtual Actor Model

Version History

Version Downloads Last updated
3.3.0 45 9/13/2019
3.2.0 34,896 4/20/2019
3.1.0 3,279 4/4/2019
3.0.0 63,941 12/3/2018
2.8.0 44,139 7/23/2018
2.7.1 88,761 5/22/2018
2.7.0 111,796 4/6/2018
2.6.1 3,811 2/23/2018
2.6.0 357 2/21/2018
2.5.0 1,082 1/25/2018
2.4.1 375 12/31/2017