Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc. Inter-procedural taint analysis for input data. Continuous Integration (CI) support for GitHub and GitLab pipelines. Stand-alone runner or through MSBuild for custom integrations. Analyzes .NET Core projects in the background (IntelliSense) or during a build. Visual Studio Community, Professional and Enterprise editions are supported. Other editors that support Roslyn-based analyzers, like Rider or OmniSharp, should work too.

⚠️ Warning: Security Code Scan (SCS) is not a linter. It is a real static analysis tool that does extensive computations. Thus, installing it as a Visual Studio extension or NuGet package will slow down your Visual Studio IDE. The VS extension installation is intended for security engineers and researchers who need to scan different software products, and having SCS always running is convenient for that use case. The more common use case of SCS would be running it in a CI/CD pipeline.