SmartSecureAnalyzer 1.0.4

Install

.NET CLI
    dotnet add package SmartSecureAnalyzer --version 1.0.4

Package Manager (run inside the Visual Studio Package Manager Console; this is the NuGet module's Install-Package)
    NuGet\Install-Package SmartSecureAnalyzer -Version 1.0.4

PackageReference (copy into the project file of any project that supports PackageReference)
    <PackageReference Include="SmartSecureAnalyzer" Version="1.0.4" />

Central Package Management (CPM): version the package in Directory.Packages.props
    <PackageVersion Include="SmartSecureAnalyzer" Version="1.0.4" />
and reference it without a version in the project file
    <PackageReference Include="SmartSecureAnalyzer" />

Paket
    paket add SmartSecureAnalyzer --version 1.0.4

#r directive (F# Interactive and Polyglot Notebooks; paste into the interactive tool or the script source)
    #r "nuget: SmartSecureAnalyzer, 1.0.4"

#:package directive (C# file-based apps, .NET 10 preview 4 and later; place in the .cs file before any code)
    #:package SmartSecureAnalyzer@1.0.4

Cake Addin
    #addin nuget:?package=SmartSecureAnalyzer&version=1.0.4

Cake Tool
    #tool nuget:?package=SmartSecureAnalyzer&version=1.0.4

🛡️ SmartSecureAnalyzer

SmartSecureAnalyzer is a static code analysis tool built in C# (.NET) and PowerShell that detects insecure coding patterns, hardcoded credentials, and common security vulnerabilities in source code across multiple languages.

It is designed for DevSecOps pipelines, CI/CD integrations, and local developer validation, surfacing actionable findings before your code reaches production.


🚀 Features

  • 🔍 Detects common insecure patterns (e.g., eval(), weak hashing, hardcoded secrets, insecure file paths).
  • 🧩 Supports multi-language scanning (C#, JavaScript, Python, PHP, etc.).
  • 🧠 Regex-based pattern scanning plus Roslyn analysis for .NET projects.
  • ⚙️ Integration-friendly PowerShell script for CI/CD (Jenkins, GitHub Actions, Azure DevOps).
  • 📊 Generates summary reports with counts, severity, and recommendations.
  • 🧾 Optional build failure flag for critical vulnerabilities.

πŸ—οΈ Architecture Overview

SmartSecureAnalyzer/
β”‚
β”œβ”€β”€ analyzer/
β”‚   β”œβ”€β”€ SmartSecureAnalyzer.csproj        # Core analyzer library
β”‚   β”œβ”€β”€ Analyzers/
β”‚   β”‚   β”œβ”€β”€ HardcodedSecretAnalyzer.cs
β”‚   β”‚   β”œβ”€β”€ InsecureHashAnalyzer.cs
β”‚   β”‚   β”œβ”€β”€ UnsafeEvalAnalyzer.cs
β”‚   β”‚   └── FilePermissionAnalyzer.cs
β”‚   └── Reports/
β”‚       β”œβ”€β”€ SecurityReportGenerator.cs
β”‚       └── ReportTemplates/
β”‚
β”œβ”€β”€ scripts/
β”‚   └── RunSmartSecureAnalyzer.ps1        # PowerShell runner for CI/CD
β”‚
β”œβ”€β”€ SmartSecureAnalyzer.nuspec            # NuGet metadata (optional)
└── README.md

💡 Installation

Option 1: Local Development

git clone https://github.com/your-org/SmartSecureAnalyzer.git
cd SmartSecureAnalyzer
dotnet build

Option 2: NuGet

dotnet add package SmartSecureAnalyzer --version 1.0.4

Pin the version. A security scanner sits inside your build pipeline, and an unpinned reference lets it change underneath you on the next publish.

Option 3: PowerShell Script Execution

Set-ExecutionPolicy RemoteSigned -Scope Process
.\scripts\RunSmartSecureAnalyzer.ps1 -Path "D:\MyProject" -Output "D:\Reports"

-Scope Process confines the relaxed execution policy to the current PowerShell session, so it does not persist on the build agent.

⚙️ PowerShell Script Parameters

Parameter        Description                                        Example
-Path            Path to the source code to scan                    -Path "D:\MyApp"
-Output          Directory where reports are written                -Output "D:\ScanReports"
-Severity        Minimum severity to include (Low, Medium, High)    -Severity "Medium"
-FailOnCritical  Fail the build when high-risk issues are found     -FailOnCritical $true

📄 Example Output

Console Output

[INFO] Scanning D:\MyApp ...
[WARN] Hardcoded password found in Config.cs:42
[CRITICAL] Insecure MD5 usage in HashHelper.cs:17
[INFO] Scan completed: 5 issues found (2 High, 2 Medium, 1 Low)

Generated Report (JSON & HTML)

{
  "Summary": {
    "FilesScanned": 120,
    "IssuesFound": 5,
    "Critical": 2,
    "Medium": 2,
    "Low": 1
  },
  "Findings": [
    {
      "Type": "Hardcoded Secret",
      "File": "Config.cs",
      "Line": 42,
      "Severity": "High",
      "Recommendation": "Use environment variables or secure vaults."
    }
  ]
}
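As an added example (not SmartSecureAnalyzer's own code), here is a regex scanner in the same spirit as the tool's regex pass: it scans constructed sample files, applies a minimum-severity filter like -Severity, emits the Summary/Findings JSON shape shown above, and derives the exit status a -FailOnCritical-style gate needs. The rule list, the severity names (Low, Medium, High, with High treated as the "critical" gate) and the exit code 2 are assumptions of this example, and the sample inputs are constructed.

```csharp
// Added example, not SmartSecureAnalyzer's own code: regex-based scan, JSON
// report in the page's shape, and a CI exit code derived from the findings.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Text.RegularExpressions;

public sealed record Finding(string Type, string File, int Line, string Severity, string Recommendation);

public static class RegexScanner
{
    // (Type, Severity, Pattern, Recommendation). Assumption: these rules are
    // the example's own, not the project's published rule set.
    private static readonly (string Type, string Severity, Regex Pattern, string Fix)[] Rules =
    {
        ("Hardcoded Secret", "High",
         new Regex(@"(password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*[""'][^""']{4,}[""']",
                   RegexOptions.IgnoreCase | RegexOptions.Compiled),
         "Use environment variables or secure vaults."),
        ("Insecure Hash", "High",
         new Regex(@"\b(MD5|SHA1)\s*\.\s*(Create|HashData)\s*\(", RegexOptions.Compiled),
         "Use SHA-256 or stronger; for passwords use PBKDF2, bcrypt or Argon2."),
        ("Unsafe Eval", "Medium",
         new Regex(@"\beval\s*\(", RegexOptions.Compiled),
         "Do not evaluate dynamic code; parse input into data instead."),
        ("Insecure File Path", "Low",
         new Regex(@"[""'](/tmp/|C:\\Temp\\)", RegexOptions.IgnoreCase | RegexOptions.Compiled),
         "Avoid shared temp paths; create files with restrictive permissions."),
    };

    private static readonly Dictionary<string, int> Rank = new() { ["Low"] = 1, ["Medium"] = 2, ["High"] = 3 };

    // Scans each file line by line; drops findings below minSeverity (the -Severity idea).
    public static List<Finding> Scan(IReadOnlyDictionary<string, string> files, string minSeverity = "Low")
    {
        var findings = new List<Finding>();
        foreach (var (path, content) in files)
        {
            var lines = content.Split('\n');
            for (var i = 0; i < lines.Length; i++)
                foreach (var rule in Rules)
                    if (Rank[rule.Severity] >= Rank[minSeverity] && rule.Pattern.IsMatch(lines[i]))
                        findings.Add(new Finding(rule.Type, path, i + 1, rule.Severity, rule.Fix));
        }
        return findings;
    }

    // Same Summary/Findings layout as the page's JSON report.
    public static string Report(int filesScanned, List<Finding> findings) =>
        JsonSerializer.Serialize(new
        {
            Summary = new
            {
                FilesScanned = filesScanned,
                IssuesFound = findings.Count,
                High = findings.Count(f => f.Severity == "High"),
                Medium = findings.Count(f => f.Severity == "Medium"),
                Low = findings.Count(f => f.Severity == "Low"),
            },
            Findings = findings,
        }, new JsonSerializerOptions { WriteIndented = true });

    // The value a CI step keys on: 0 passes, 2 means High findings with gating on.
    public static int ExitCode(List<Finding> findings, bool failOnCritical) =>
        failOnCritical && findings.Any(f => f.Severity == "High") ? 2 : 0;

    public static int Main()
    {
        // Constructed sample input, not real project files.
        var files = new Dictionary<string, string>
        {
            ["Config.cs"] = "public static class Config {\n    public const string DbPassword = \"Sup3rSecret!\";\n}",
            ["HashHelper.cs"] = "using System.Security.Cryptography;\nstatic class HashHelper {\n    static byte[] H(byte[] b) => MD5.Create().ComputeHash(b);\n}",
            ["legacy.js"] = "var r = eval(userInput);\n",
        };
        var findings = Scan(files, minSeverity: "Medium");
        Console.WriteLine(Report(files.Count, findings));
        return ExitCode(findings, failOnCritical: true);
    }
}
```

Run as a console app it reports three findings (Config.cs line 2 High, HashHelper.cs line 3 High, legacy.js line 1 Medium) and exits with 2, which is what makes a pipeline step fail. The limits of the regex approach are visible in the rules themselves: a secret built by concatenation or an MD5 call reached through an alias is not matched, which is the gap the Roslyn pass exists to close.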

🔐 OWASP A1–A10 Detection (Next Release)

The SmartSecureAnalyzer roadmap includes detecting vulnerabilities based on the OWASP Top 10. Note that the numbering below mixes the 2017 edition (A1 Injection, A2 Broken Authentication, A3 Sensitive Data Exposure) with the 2021 edition (A4 through A10); in the 2021 list Injection is A03, Broken Access Control is A01 and the former Sensitive Data Exposure category is A02 Cryptographic Failures.

OWASP Category                          Planned Detection
A1: Injection                           SQL, LDAP, Command, and NoSQL injection patterns
A2: Broken Authentication               Hardcoded tokens, weak password logic
A3: Sensitive Data Exposure             Plaintext secrets, insecure file writes
A4: Insecure Design                     Dangerous API calls, missing input validation
A5: Security Misconfiguration           Debug mode, open CORS, missing HTTPS
A6: Vulnerable Components               Dependency version checks
A7: Identification and Auth Failures    Insecure session handling
A8: Software Integrity Failures         Tampering indicators
A9: Logging/Monitoring Failures         Missing audit logs
A10: SSRF                               External URL fetches without validation

🧩 Planned Enhancements

  • Detect OWASP A1–A10 patterns: SQL injection, hardcoded secrets, insecure deserialization, etc.
  • Integrate the SonarQube or Semgrep CLI inside build hooks for hybrid scanning.
  • Add Roslyn Code Fix Providers to suggest secure alternatives automatically in Visual Studio.
  • Generate security reports at build time in HTML, CSV, and JSON formats.
  • Git pre-commit hook support to prevent insecure commits.
  • Central dashboard to visualize vulnerabilities across projects.


🧰 Example: Integrating in Jenkins

stage('Security Scan') {
    steps {
        // Groovy processes backslash escapes inside ''' strings, so the
        // Windows path separators must be doubled or the pipeline fails to compile.
        powershell '''
        Set-ExecutionPolicy RemoteSigned -Scope Process
        .\\scripts\\RunSmartSecureAnalyzer.ps1 -Path "D:\\MyProject" -Output "D:\\Reports" -FailOnCritical $true
        '''
    }
}

With -FailOnCritical set, the script's failing exit status makes the powershell step, and therefore the stage, fail.

📦 Output Reports

Format   Description
.json    Machine-readable summary for CI/CD
.html    Developer-friendly report with highlights
.csv     Export for Excel or audit
.pdf     Optional detailed vulnerability report

πŸ§‘β€πŸ’» Contributing

  1. Fork this repository
  2. Create your feature branch (git checkout -b feature/owasp-scan)
  3. Commit your changes (git commit -m 'Add OWASP pattern detection')
  4. Push to the branch (git push origin feature/owasp-scan)
  5. Open a Pull Request πŸš€

🧾 License

This project is licensed under the MIT License; feel free to use and modify.


📧 Contact

Author: Rejith Kumar
Email: rejithsham296@outlook.com
NuGet ID: SmartSecureAnalyzer
Website: https://hashtagtrnd.com


💬 SmartSecureAnalyzer: because secure code is smart code.

Target frameworks

Included in package: net8.0 (no dependencies).
Computed compatible targets: net8.0-android, net8.0-browser, net8.0-ios, net8.0-maccatalyst, net8.0-macos, net8.0-tvos, net8.0-windows, and the corresponding net9.0 and net10.0 targets (including net9.0 and net10.0 themselves).

Used by

This package is not used by any NuGet packages or by any popular GitHub repositories.

Version   Downloads   Last Updated
1.0.4     32          2/25/2026
1.0.3     562         11/7/2025
1.0.2     139         11/1/2025
1.0.1     141         11/1/2025
1.0.0     139         11/1/2025