The extension implements a security linter within Visual Studio 2015, leveraging the rules from the DevSkim repo. It helps software engineers write secure code by flagging potentially dangerous calls, and gives in-context advice for remediation.
DevSkim is currently in public preview. We're looking forward to working with the community to improve both the scanning engines and rules over the next few months, and welcome your feedback and contributions!
Clone the extensions and rules repos directly, build the extension, and install the DevSkim.vsix file. This extension will be available in the Visual Studio marketplace shortly.
Microsoft Windows 7 and later
The extension requires Visual Studio 2015 or higher.
The extension supports both built-in and custom rules:
Built-in rules come from the DevSkim repo, and must be stored in the rules directory within the Microsoft.DevSkim.VSExtension directory.
Rules are organized by subdirectory and file, but are flattened internally when loaded.
Each rule contains a set of patterns (strings and regular expressions) to match, a list of file types to apply the rule to, and, optionally, a list of possible code fixes. For more information on the rule format, see the wiki.
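The loading and matching behaviour described above, sketched as an added Python example that is not DevSkim's own code. The JSON field names (`id`, `file_types`, `patterns`, `type`, `fixes`), the rule IDs and the sample source are constructed for illustration and are not the DevSkim rule schema, which is documented in the wiki.

```python
import json, re, tempfile
from pathlib import Path

def load_rules(root):
    """Walk the rules tree and flatten every rule file into one list."""
    rules = []
    for path in sorted(Path(root).rglob("*.json")):
        rules.extend(json.loads(path.read_text(encoding="utf-8")))
    return rules

def scan(rules, filename, text):
    """Return (line_no, rule_id, fixed_line_or_None) for each match."""
    ext = Path(filename).suffix.lstrip(".").lower()
    findings = []
    for rule in rules:
        if ext not in rule["file_types"]:
            continue  # rule does not apply to this file type
        fix = (rule.get("fixes") or [None])[0]  # code fixes are optional
        for pat in rule["patterns"]:
            # String patterns are escaped so they only match literally.
            src = pat["pattern"] if pat["type"] == "regex" else re.escape(pat["pattern"])
            regex = re.compile(src)
            for no, line in enumerate(text.splitlines(), 1):
                if regex.search(line):
                    fixed = regex.sub(lambda m: fix, line) if fix else None
                    findings.append((no, rule["id"], fixed))
    return findings

def demo():
    # Constructed rules, laid out in subdirectories (hypothetical schema).
    tree = {
        "crypto/hash.json": [{"id": "EX0001", "file_types": ["cs"],
            "patterns": [{"pattern": r"\bMD5\.Create\(\)", "type": "regex"}],
            "fixes": ["SHA256.Create()"]}],
        "memory/copy.json": [{"id": "EX0002", "file_types": ["c"],
            "patterns": [{"pattern": "strcpy(", "type": "string"}]}],
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, rule_list in tree.items():
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(json.dumps(rule_list), encoding="utf-8")
        rules = load_rules(root)
    code = "var h = MD5.Create();\nstrcpy(dst, src);\n"  # constructed sample
    return len(rules), scan(rules, "Hash.cs", code), scan(rules, "copy.c", code)

if __name__ == "__main__":
    print(demo())
```

The same sample text yields different findings for `Hash.cs` and `copy.c` because each rule is filtered by file type before its patterns are tried.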
Please see CONTRIBUTING for information on reporting issues and contributing code.
See tips and known issues in the wiki page.