/security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

Primary LanguageC#GNU Lesser General Public License v3.0LGPL-3.0

Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET - Website

Build

Downloading

Official releases are available as nuget package, Visual Studio extension and stand-alone runner.

Building

git clone https://github.com/security-code-scan/security-code-scan.git
cd security-code-scan

Open SecurityCodeScan.sln in Visual Studio or build from command line:

nuget restore SecurityCodeScan.sln
msbuild SecurityCodeScan.sln

Contributing

Tests

Most of the tests are written in two languages: C# and VB.NET. If you aren't an expert in VB.NET (me neither) use any online converter to create the VB.NET counterpart from tested C# code example.
Tests are ideal for developing features and fixing bugs as it is easy to debug.

Debugging

In case you are not sure what is wrong or you see AD0001 error with an exception, it is possible to debug the analysis of problematic Visual Studio solution.

Visual Studio offloads some static analysis work to a separate process. It is a good idea to uncomment the lines to have a chance to debug the child process.

First, make sure there are no Security Code Scan Visual Studio extensions installed to avoid interference.
Right click SecurityCodeScan.Vsix project in the solution and choose Set as StartUp project.
Start debugging in Visual Studio. It will open another instance of Visual Studio with debugger attached.
Open the solution with the problematic source.