-
Notifications
You must be signed in to change notification settings - Fork 115
Home
DevSkim is a powerful framework of IDE plugins and language analyzers that provides inline security analysis in the development environment as the developer writes code. It is designed to work with Visual Studio and Visual Studio Code, or as a standalone command-line interface. The framework is built to give developers notifications as they introduce security vulnerabilities, allowing them to fix the issue at the point of introduction and build awareness for secure coding practices.
DevSkim's detection logic is based on regular expressions (using JavaScript/C# RegEx syntax) and can trigger additional patterns for further refinement after an initial match. Writing a rule for a language not currently supported is possible. For more information, see Writing Rules.
If you want to build DevSkim from source, check out the Build from Source page. To contribute to the project, see How to Contribute.
DevSkim can be used in various ways, including:
-
IDE Extensions
- DevSkim integrates with popular IDEs such as Visual Studio and Visual Studio Code to provide inline security analysis as you write code.
-
Command Line Interface
- DevSkim can be used as a standalone command-line interface to scan code for security vulnerabilities.
-
API
- DevSkim provides an API that can be used to integrate security analysis into your own applications.
-
Writing Rules
- DevSkim's detection logic is based on regular expressions, and you can write your own rules for languages not currently supported.
-
Testing Rules
- DevSkim provides a testing framework to help you test your rules.
DevSkim currently includes built-in rules for the following languages:
- C
- Objective C
- C++
- C#
- Cobol
- Go
- Java
- Javascript/Typescript
- PHP
- Powershell
- Python
- Ruby
- Rust
- SQL
- Swift
- Visual Basic