This extension is legacy and is no longer maintained, please use SecurityCodeScan VS2019 instead.

Security static code analyzer for .NET

Website

• Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.

• Basic intraprocedural taint analysis for input data.

• Analyzes .NET and .NET Core projects in a background (IntelliSense) or during a build.

• Continuous Integration (CI) through MSBuild. For Unix CI runners please use VS2017 nuget package.

• Works with Visual Studio 2015 or higher. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn based analyzers like Rider or OmniSharp should work too.

• Open Source