{"id":13451107,"url":"https://github.com/security-code-scan/security-code-scan","last_synced_at":"2025-03-23T18:31:51.645Z","repository":{"id":37359699,"uuid":"115854787","full_name":"security-code-scan/security-code-scan","owner":"security-code-scan","description":"Vulnerability Patterns Detector for C# and VB.NET","archived":false,"fork":false,"pushed_at":"2024-07-08T14:28:26.000Z","size":6471,"stargazers_count":940,"open_issues_count":52,"forks_count":159,"subscribers_count":32,"default_branch":"vs2019","last_synced_at":"2024-10-28T18:14:38.501Z","etag":null,"topics":["analysis","analyzer","code","dotnet","owasp","roslyn","scan","scanner","security","static","static-analysis","static-code-analysis"],"latest_commit_sha":null,"homepage":"https://security-code-scan.github.io","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/security-code-scan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"JarLob"}},"created_at":"2017-12-31T09:38:54.000Z","updated_at":"2024-10-26T22:15:02.000Z","dependencies_parsed_at":"2024-07-31T07:12:53.799Z","dependency_job_id":"59fbd624-d19e-4707-a8b0-60a428d698c8","html_url":"https://github.com/security-code-scan/security-code-scan","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-code-scan%2Fsecurity-code-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-code-scan%2Fsecurity-code-scan/tag
s","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-code-scan%2Fsecurity-code-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-code-scan%2Fsecurity-code-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/security-code-scan","download_url":"https://codeload.github.com/security-code-scan/security-code-scan/tar.gz/refs/heads/vs2019","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245149397,"owners_count":20568899,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","analyzer","code","dotnet","owasp","roslyn","scan","scanner","security","static","static-analysis","static-code-analysis"],"created_at":"2024-07-31T07:00:48.150Z","updated_at":"2025-03-23T18:31:46.608Z","avatar_url":"https://github.com/security-code-scan.png","language":"C#","readme":"[![Security Code Scan](website/images/logo.png)](https://security-code-scan.github.io)  \n*Vulnerability Patterns Detector for C# and VB.NET* - [Website](https://security-code-scan.github.io)  \n\n[![Build](https://github.com/security-code-scan/security-code-scan/actions/workflows/ci.yml/badge.svg)](https://github.com/security-code-scan/security-code-scan/actions/workflows/ci.yml)\n\n### Downloading\nOfficial releases are available as [nuget package](https://www.nuget.org/packages/SecurityCodeScan.VS2019/), [Visual Studio extension](https://marketplace.visualstudio.com/items?itemName=JaroslavLobacevski.SecurityCodeScanVS2019) and [stand-alone 
runner](https://www.nuget.org/packages/security-scan/).  \n\n### Building\n```\ngit clone https://github.com/security-code-scan/security-code-scan.git\ncd security-code-scan\n```\nOpen `SecurityCodeScan.sln` in Visual Studio or build from the command line:\n```\nnuget restore SecurityCodeScan.sln\nmsbuild SecurityCodeScan.sln\n```\n\n### Contributing\n* All documentation from the [official site](https://security-code-scan.github.io) is open-source and located in the [website](https://github.com/security-code-scan/security-code-scan/tree/vs2019/website) folder. Feel free to modify the markdown files and contribute to it.\n* You may customize the behavior of Security Code Scan by creating a local configuration file as described in the [ExternalConfigurationFiles section](https://security-code-scan.github.io/#ExternalConfigurationFiles). It is easy to add new vulnerable functions (sinks) that should trigger a warning, define untrusted sources, etc. Once you think you have a working configuration file, you are welcome to contribute your changes to the main built-in configuration file. Ideally your Pull Request comes with tests that cover the changes.\n* Review the list of available [issues.](https://github.com/security-code-scan/security-code-scan/issues) A general understanding of Roslyn might be handy:\n  - [Use Roslyn to Write a Live Code Analyzer for Your API](https://docs.microsoft.com/en-us/archive/msdn-magazine/2014/special-issue/csharp-and-visual-basic-use-roslyn-to-write-a-live-code-analyzer-for-your-api)\n  - [Getting Started with Roslyn Analyzers](https://docs.microsoft.com/en-us/visualstudio/extensibility/getting-started-with-roslyn-analyzers?view=vs-2015\u0026redirectedfrom=MSDN)\n  - [\"Learn Roslyn Now\" by Josh Varty](https://joshvarty.com/learn-roslyn-now/)\n  - [Online syntax tree visualizer](https://sharplab.io/)\n\n### Tests\nMost of the tests are written in two languages: C# and VB.NET. 
If you aren't an expert in VB.NET (me neither), use [any online converter](https://converter.telerik.com/) to create the VB.NET counterpart from the tested C# code example.  \nTests are ideal for developing features and fixing bugs as they are easy to debug.\n\n### Debugging\nIn case you are not sure what is wrong or you see an AD0001 error with an exception, it is possible to debug the analysis of the problematic Visual Studio solution.  \n\u003e Visual Studio offloads some static analysis work to a separate process. It is a good idea to uncomment [the lines](https://github.com/security-code-scan/security-code-scan/blob/39912cfa53168e954b78d6eabc597e97311a54d3/SecurityCodeScan/Analyzers/Taint/TaintAnalyzer.cs#L140-L142) to have a chance to debug the child process.\n\nFirst, make sure there are no Security Code Scan Visual Studio extensions installed to avoid interference.  \nRight-click the `SecurityCodeScan.Vsix` project in the solution and choose `Set as StartUp project`.  \nStart debugging in Visual Studio. It will open another instance of Visual Studio with the debugger attached.  \nOpen the solution with the problematic source.  \n\n","funding_links":["https://github.com/sponsors/JarLob"],"categories":["Tools","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","C\\#","C#","Popular Analyzers","Static Code Analysis"],"sub_categories":["SAST (Source Code Analysis)","功能","Static Analysis","Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurity-code-scan%2Fsecurity-code-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecurity-code-scan%2Fsecurity-code-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurity-code-scan%2Fsecurity-code-scan/lists"}