SecurityCodeScan 3.3.0

Security static code analyzer for .NET

Requires NuGet 2.8 or higher.

Install-Package SecurityCodeScan -Version 3.3.0
dotnet add package SecurityCodeScan --version 3.3.0
<PackageReference Include="SecurityCodeScan" Version="3.3.0">
  <PrivateAssets>all</PrivateAssets>
  <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add SecurityCodeScan --version 3.3.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Security static code analyzer for .NET

Website

  • Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.

  • Taint analysis to track user input data.

  • One click refactoring for some vulnerabilities.

  • Analyzes .NET and .NET Core projects in a background (IntelliSense) or during a build.

  • Continuous Integration (CI) through MSBuild. For Unix CI runners please use VS2017 nuget package.

  • Works with Visual Studio 2015 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn based analyzers like Rider or OmniSharp should work too.

  • Open Source

Security static code analyzer for .NET

Website

  • Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.

  • Taint analysis to track user input data.

  • One click refactoring for some vulnerabilities.

  • Analyzes .NET and .NET Core projects in a background (IntelliSense) or during a build.

  • Continuous Integration (CI) through MSBuild. For Unix CI runners please use VS2017 nuget package.

  • Works with Visual Studio 2015 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn based analyzers like Rider or OmniSharp should work too.

  • Open Source

Release Notes

https://security-code-scan.github.io/#ReleaseNotes

Dependencies

This package has no dependencies.

Showing the top 2 GitHub repositories that depend on SecurityCodeScan:

Repository Stars
dotnet/orleans
Orleans is a cross-platform framework for building distributed applications with .NET
umbraco/Umbraco-CMS
The simple, flexible and friendly ASP.NET CMS used by more than 500.000 websites

Version History

Version Downloads Last updated
3.3.0 17,430 9/13/2019
3.2.0 56,318 4/20/2019
3.1.0 3,802 4/4/2019
3.0.0 85,004 12/3/2018
2.8.0 51,600 7/23/2018
2.7.1 92,822 5/22/2018
2.7.0 125,544 4/6/2018
2.6.1 3,859 2/23/2018
2.6.0 372 2/21/2018
2.5.0 1,098 1/25/2018
2.4.1 410 12/31/2017