Security static code analyzer for .NET
Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.
Basic intraprocedural taint analysis for input data.
Analyzes .NET and .NET Core projects in the background (IntelliSense) or during a build.
Continuous Integration (CI) through a GitHub Action or MSBuild.
Works with Visual Studio 2019 or higher. Visual Studio Community, Professional, and Enterprise editions are supported. Other editors that support Roslyn-based analyzers, such as Rider or OmniSharp, should work too.
Open Source