Home

DevSkim is a powerful framework of IDE plugins and language analyzers that provides inline security analysis in the development environment as the developer writes code. It is designed to work with Visual Studio and Visual Studio Code, or as a standalone command-line interface. The framework is built to give developers notifications as they introduce security vulnerabilities, allowing them to fix the issue at the point of introduction and build awareness for secure coding practices.

Using DevSkim

DevSkim can be used in various ways, including:

• IDE Extensions
  • DevSkim integrates with popular IDEs such as Visual Studio and Visual Studio Code to provide inline security analysis as you write code.
• Command Line Interface
  • DevSkim can be used as a standalone command-line interface to scan code for security vulnerabilities.
• API
  • DevSkim provides an API that can be used to integrate security analysis into your own applications.

Supported Languages

DevSkim currently includes built-in rules for the following languages:

• C
• Objective C
• C++
• C#
• Cobol
• Go
• Java
• Javascript/Typescript
• PHP
• Powershell
• Python
• Ruby
• Rust
• SQL
• Swift
• Visual Basic

Writing Rules

DevSkim's detection logic is based on regular expressions (using JavaScript/C# RegEx syntax) and can trigger additional patterns for further refinement after an initial match. Writing rules for a language not currently supported is possible.

• Writing Rules
• Testing Rules

Build from Source

If you want to build DevSkim from source, check out the Build from Source page.

Contributing

To contribute to the project, see How to Contribute.