BinSkim Binary Analyzer

This repository contains the source code for BinSkim, a Portable Executable (PE) light-weight scanner that validates compiler/linker settings and other security-relevant binary characteristics.

For Developers

Fork the repository -- Need Help?
Load and compile src\BinSkim.sln to develop changes for contribution.
Execute BuildAndTest.cmd at the root of the enlistment to validate before submitting a PR.

Submit Pull Requests

Run BuildAndTest.cmd at the root of the enlistment to ensure that all tests pass, release build succeeds, and NuGet packages are created
Submit a Pull Request to the 'develop' branch -- Need Help?

For Users

Download BinSkim from NuGet
Read the User Guide
Find out more about the Static Analysis Results Interchange Format (SARIF) used to output Binskim results

Command-Line Quick Guide

Argument (short form, long form)	Meaning
`--sympath`	Symbols path value (e.g. `SRV http://msdl.microsoft.com/download/symbols or Cache d:\symbols;Srv http://symweb`)
`-o, --output`	File path used to write and output analysis using SARIF
`-r, --recurse`	Recurse into subdirectories when evaluating file specifier arguments
`-c, --config`	(Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings
`-q, --quiet`	Do not log results to the console
`-s, --statistics`	Generate timing and other statistics for analysis session
`-h, --hashes`	Output hashes of analysis targets when emitting SARIF reports
`-e, --environment`	Log machine environment details of run to output file. WARNING: This option records potentially sensitive information (such as all environment variable values) to the log file.
`-p, --plugin`	Path to plugin that will be invoked against all targets in the analysis set.
`--level`	Filter output of scan results to one or more failure levels. Valid values: Error, Warning and Note.
`--kind`	Filter output one or more result kinds. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational.
`--trace`	Execution traces, expressed as a semicolon-delimited list, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad.
`--help`	Table of argument information.
`--version`	BinSkim version details.
`value pos. 0`	One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.

Example: binskim.exe analyze c:\bld\*.dll --recurse --output MyRun.sarif

Name		Name	Last commit message	Last commit date
Latest commit History 515 Commits
.github		.github
.nuget		.nuget
.vscode		.vscode
docs		docs
refs		refs
src		src
.coby.yml		.coby.yml
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitmodules		.gitmodules
BinSkim.png		BinSkim.png
BuildAndTest.cmd		BuildAndTest.cmd
BuildAndTest.sh		BuildAndTest.sh
BuildPackages.cmd		BuildPackages.cmd
CreateLayoutDirectory.cmd		CreateLayoutDirectory.cmd
CreatePackagesFromLayoutDirectory.cmd		CreatePackagesFromLayoutDirectory.cmd
DelistCurrentPackages.cmd		DelistCurrentPackages.cmd
LICENSE		LICENSE
PublishSignedPackages.cmd		PublishSignedPackages.cmd
README.md		README.md
SetCurrentVersion.cmd		SetCurrentVersion.cmd
ado-build.yml		ado-build.yml

License

michaelcfanning/binskim

Folders and files

Latest commit

History

Repository files navigation

BinSkim Binary Analyzer

For Developers

Submit Pull Requests

For Users

Command-Line Quick Guide

About

Resources

License

Stars

Watchers

Forks

Languages