-
Notifications
You must be signed in to change notification settings - Fork 116
Home
DevSkim is a powerful framework of IDE plugins and language analyzers that provides inline security analysis in the development environment as the developer writes code. It is designed to work with Visual Studio and Visual Studio Code, or as a standalone command-line interface. The framework is built to give developers notifications as they introduce security vulnerabilities, allowing them to fix the issue at the point of introduction and build awareness for secure coding practices.
DevSkim can be used in various ways, including:
-
IDE Extensions
- DevSkim integrates with popular IDEs such as Visual Studio and Visual Studio Code to provide inline security analysis as you write code.
-
Command Line Interface
- DevSkim can be used as a standalone command-line interface to scan code for security vulnerabilities.
-
API
- DevSkim provides an API that can be used to integrate security analysis into your own applications.
DevSkim currently includes built-in rules for the following languages:
- C
- Objective C
- C++
- C#
- Cobol
- Go
- Java
- Javascript/Typescript
- PHP
- Powershell
- Python
- Ruby
- Rust
- SQL
- Swift
- Visual Basic
DevSkim's detection logic is based on regular expressions (using JavaScript/C# RegEx syntax) and can trigger additional patterns for further refinement after an initial match. Writing rules for a language not currently supported is possible.
If you want to build DevSkim from source, check out the Build from Source page.
To contribute to the project, see How to Contribute.