dg-code
1.0.0-beta.2
See the version list below for details.
dotnet tool install --global dg-code --version 1.0.0-beta.2
dotnet new tool-manifest
dotnet tool install --local dg-code --version 1.0.0-beta.2
#tool dotnet:?package=dg-code&version=1.0.0-beta.2&prerelease
nuke :add-package dg-code --version 1.0.0-beta.2
dg-code - IronBox DataGuard Code Analyzer
Version: 1.0.0-beta.2 | NuGet
Beta Release: This software is in beta. Features may change and some functionality may be incomplete. Please report issues to support@ironbox.io.
Roslyn-based security analyzer for C#/.NET projects with 400+ rules covering multiple Azure services (Storage, Key Vault, Cosmos DB, SQL, Service Bus, Functions, and more). Collects evidence for compliance workflows. SARIF output for GitHub Actions and Azure DevOps.
Quick Start
# Install
dotnet tool install --global dg-code
# Scan a solution
dg-code scan --path ./MySolution.sln
# Generate SARIF for CI/CD
dg-code scan --path ./src --format sarif --output results.sarif
Features
- 400+ Security Rules - Covering Azure Storage, Key Vault, Cosmos DB, SQL, Service Bus, Event Hubs, Functions, App Service, Redis, and more
- SARIF Output - Industry standard format for GitHub Actions and Azure DevOps integration
- Baseline Support - Incremental adoption without breaking existing builds
- Scope Filtering - Target specific Azure services or rule categories
- Parallel Execution - Fast scanning of large solutions
- Evidence Collection - Collect findings for compliance workflows
Installation
Install as a .NET global tool:
# Install beta version
dotnet tool install --global dg-code --version 1.0.0-beta.2
# Or install latest (including prereleases)
dotnet tool install --global dg-code --prerelease
Update to latest version:
dotnet tool update --global dg-code
Uninstall:
dotnet tool uninstall --global dg-code
Usage
dg-code --help
Commands
scan - Security Analysis (Primary Command)
Scan C# solutions or projects for security issues.
Basic usage:
dg-code scan --path MySolution.sln
SARIF output for CI:
dg-code scan --path ./src --format sarif --output results.sarif
Filter by severity:
dg-code scan --path MySolution.sln --severity warning
Filter by Azure service:
# Scan only Azure Storage issues
dg-code scan --path MySolution.sln --service MSAzureStorage
# Scan multiple services
dg-code scan --path MySolution.sln --service MSAzureStorage,MSAzureCosmosDB
Use with baseline (incremental adoption):
dg-code scan --path MySolution.sln --baseline baseline.json
Options:
| Option | Description |
|--------|-------------|
| --path | Path to solution (.sln) or project (.csproj) - required |
| --format | Output format: console (default), sarif, json, text |
| --output | Output file path (auto-quiets progress when used with sarif/json) |
| --severity | Minimum severity: hidden, info, warning, error |
| --fail-on | Exit with error on: never, info, warning, error (default) |
| --service | Filter by Azure service (comma-separated) |
| --baseline | Baseline file for incremental adoption |
| --api-key | API key for Pro/Enterprise features |
| --include-snippets | Include source code snippets in findings (default: off) |
| --parallel | Enable parallel execution (default: true) |
| --quiet | Suppress progress output |
| --verbose | Enable verbose output |
Output Formats:
| Format | Description |
|--------|-------------|
| console | Human-readable output to terminal (default) |
| sarif | SARIF 2.1.0 standard - integrates with GitHub, Azure DevOps, VS Code |
| json | Simple JSON summary with project details |
| text | Plain text report suitable for CI logs |
login - Save API Key
Save your API key for Pro/Enterprise features.
# Interactive login
dg-code login
# Or provide key directly
dg-code login sk_live_your_api_key
logout - Remove API Key
Remove saved API key.
dg-code logout
status - Show License Status
Display current license tier and status.
dg-code status
baseline - Manage Baselines
Create and manage baselines for incremental adoption.
# Create baseline from current findings
dg-code baseline create --path MySolution.sln --output baseline.json
# Scan using baseline (only new issues fail build)
dg-code scan --path MySolution.sln --baseline baseline.json
list-services - Discover Available Services
dg-code list-services
list-analyzers - Discover Available Analyzers
dg-code list-analyzers
dg-code list-analyzers --service MSAzureStorage
CI/CD Integration
GitHub Actions
name: Security Scan
on: [push, pull_request]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.0.x'
- name: Install dg-code
run: dotnet tool install --global dg-code
- name: Run Security Scan
run: dg-code scan --path ./MySolution.sln --format sarif --output results.sarif
continue-on-error: true
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
Azure DevOps
trigger:
- main
pool:
vmImage: 'ubuntu-latest'
steps:
- task: UseDotNet@2
inputs:
version: '8.0.x'
- script: dotnet tool install --global dg-code
displayName: 'Install dg-code'
- script: dg-code scan --path $(Build.SourcesDirectory)/MySolution.sln --format sarif --output $(Build.ArtifactStagingDirectory)/results.sarif
displayName: 'Run Security Scan'
continueOnError: true
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: '$(Build.ArtifactStagingDirectory)/results.sarif'
artifactName: 'SecurityScan'
Supported Azure Services
| Service | Service Code |
|---|---|
| Azure Storage | MSAzureStorage |
| Azure Key Vault | MSAzureKeyVault |
| Azure Cosmos DB | MSAzureCosmosDB |
| Azure SQL | MSAzureSQL |
| Azure MySQL | MSAzureMySQL |
| Azure PostgreSQL | MSAzurePostgreSQL |
| Azure Redis | MSAzureRedis |
| Azure Service Bus | MSAzureServiceBus |
| Azure Event Hubs | MSAzureEventHubs |
| Azure Functions | MSAzureFunctions |
| Azure App Service | MSAzureAppService |
| Azure App Configuration | MSAzureAppConfiguration |
| Azure Identity | MSAzureIdentity |
| Azure Virtual Machines | MSAzureVirtualMachines |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success - no issues or only informational |
| 1 | Warnings found |
| 2 | Errors found |
| 3 | Internal failure |
Licensing
During beta, all features are free. After 1.0 stable release, a tiered licensing model (Free/Pro/Enterprise) will be introduced. Visit https://www.ironbox.io for details.
Configuration File
Create a dataguard.json file:
{
"path": "./MySolution.sln",
"format": "sarif",
"output": "results.sarif",
"severity": "warning",
"failOn": "error",
"parallel": true,
"quiet": false,
"includeSnippets": false
}
Use with:
dg-code scan --config dataguard.json
Requirements
- .NET 8.0 or .NET 9.0 SDK
- MSBuild (included with .NET SDK or Visual Studio)
License
Copyright © 2025-2026 IronBox. All rights reserved.
This software is licensed under the IronBox End User License Agreement (EULA). See LICENSE.txt for details.
Support
- Website: https://www.ironbox.io
- Email: support@ironbox.io
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
This package has no dependencies.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0-beta.7 | 32 | 3/19/2026 |
| 1.0.0-beta.6 | 37 | 3/7/2026 |
| 1.0.0-beta.4 | 40 | 3/3/2026 |
| 1.0.0-beta.3 | 42 | 3/3/2026 |
| 1.0.0-beta.2 | 45 | 3/3/2026 |
See CHANGELOG.md for release notes