The extension implements a security linter within Visual Studio, leveraging the rules from the DevSkim repository. It helps software engineers to write secure code by flagging potentially dangerous calls, and where possible, by giving in-context advice for remediation.
DevSkim is currently in public preview. We're looking forward to working with the community to improve both the scanning engines and rules over the next few months, and welcome your feedback and contributions!
Download the extension from the Releases page and install the Microsoft.DevSkim.VSExtension.vsix file. The extension will also be available in the Visual Studio Marketplace shortly.
Microsoft Windows 7 and later
The extension is available for Visual Studio 2015 and Visual Studio 2017.
The extension supports both built-in and custom rules.
Built-in rules come from the DevSkim repository, and must be stored in the rules directory within the Microsoft.DevSkim.VSExtension directory.
Rules are organized by subdirectory and file, but are flattened internally when loaded.
Each rule contains a set of patterns (strings and regular expressions) to match, a list of file types to apply the rule to, and, optionally, a list of possible code fixes.
For more information on rules format, see Writing-Rules.
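The rule model described above (rule files in subdirectories flattened into one list, string and regex patterns, a file-type filter, an optional fix), sketched in Python as an added example; it is not the extension's code. The field names (`id`, `file_types`, `patterns`, `fix`) and both sample rules are hypothetical and constructed for illustration; the real schema is the one documented in Writing-Rules.

```python
import json, re, tempfile
from pathlib import Path

# Constructed rule files; field names are hypothetical, not DevSkim's schema.
RULE_FILES = {
    "crypto/hash.json": [{
        "id": "EX001", "file_types": ["cs"],
        "patterns": [{"type": "string", "value": "MD5.Create()"},
                     {"type": "regex", "value": r"\bnew\s+MD5CryptoServiceProvider\b"}],
        "fix": {"search": r"\bMD5\.Create\(\)", "replace": "SHA256.Create()"}}],
    "c/banned.json": [{
        "id": "EX002", "file_types": ["c", "h"],
        "patterns": [{"type": "regex", "value": r"\bgets\s*\("}]}],
}

def load_rules(rules_dir):
    """Read every rule file under rules_dir into one flat list."""
    rules = []
    for path in sorted(Path(rules_dir).rglob("*.json")):
        rules.extend(json.loads(path.read_text(encoding="utf-8")))
    return rules

def matches(pattern, line):
    # String patterns are escaped so they match literally, not as regex.
    expr = pattern["value"] if pattern["type"] == "regex" else re.escape(pattern["value"])
    return re.search(expr, line) is not None

def scan(filename, source, rules):
    """Return (line_no, rule_id, fixed_line_or_None) for rules that apply to the file type."""
    ext = Path(filename).suffix.lstrip(".").lower()
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for rule in rules:
            if ext not in rule["file_types"] or not any(matches(p, line) for p in rule["patterns"]):
                continue
            fix = rule.get("fix")
            fixed = re.sub(fix["search"], fix["replace"], line) if fix else line
            findings.append((no, rule["id"], fixed if fixed != line else None))
    return findings

def demo():
    """Write the constructed rule files into subdirectories, then load them flat."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, rules in RULE_FILES.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps(rules), encoding="utf-8")
        return load_rules(tmp)

if __name__ == "__main__":
    print(scan("Hasher.cs", "var h = MD5.Create();", demo()))
```

The word boundary in the `gets` pattern keeps `fgets(` from being flagged, and a finding carries a fix only when the rule's replacement actually changes the matched line.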
Please see CONTRIBUTING for information on reporting issues and contributing code.