David Alcantar edited this page Dec 4, 2020 · 23 revisions

DevSkim is a framework of IDE plugins and language analyzers that provide inline security analysis in the dev environment as the developer writes code. It is designed to work with multiple IDEs (VS, VS Code, Sublime Text, etc.) or as a standalone command line interface, and has a flexible rule model that supports multiple programming languages. The idea is to give the developer notification as they are introducing a security vulnerability in order to fix the issue at the point of introduction, and to help build awareness for the developer.

Using DevSkim

Supported Languages

Current built-in rules include support for:

  • C
  • Objective C
  • C++
  • C#
  • Cobol
  • Go
  • Java
  • Javascript/Typescript
  • PHP
  • Powershell
  • Python
  • Ruby
  • Rust
  • SQL
  • Swift
  • Visual Basic

Rules in DevSkim are fairly simple. The detection logic is a regular expression (based on JavaScript/C# RegEx syntax) with the ability to trigger additional patterns for further refinement after an initial match. Writing a rule for a language not in the list above is possible. For more information, see Writing Rules.
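As an added illustration of that two-stage model (this is not DevSkim's own code, and the dict field names are an assumption loosely modelled on DevSkim's JSON rule format), the Python below runs a primary regex over sample source lines and then applies a second, negating pattern to discard matches that are only template placeholders:

```python
import re

# Constructed rule in a DevSkim-like shape (field names are an assumption;
# DevSkim's real schema is documented on the Writing Rules page).
RULE = {
    "id": "EXAMPLE-0001",
    "name": "Hard-coded password literal",
    "severity": "important",
    "applies_to": ["python"],
    # Primary detection logic: a regular expression.
    "patterns": [
        {"pattern": r"(?i)password\s*=\s*['\"][^'\"]+['\"]", "type": "regex"}
    ],
    # Refinement pattern triggered after a match: if the same line contains a
    # <placeholder>, the finding is a template value, not a real secret.
    "conditions": [
        {"pattern": {"pattern": r"<[^>]*>", "type": "regex"},
         "search_in": "same-line", "negate_finding": True}
    ],
}

# Constructed sample input.
SAMPLE = """\
db_password = "hunter2"
password = "<password>"   # template placeholder, not a real secret
PASSWORD = ''
timeout = 30
"""


def scan(source, rule):
    """Return (line_no, matched_text) for each finding the rule produces."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for pat in rule["patterns"]:
            m = re.search(pat["pattern"], line)
            if not m:
                continue
            # Only regex-type, same-line conditions are modelled here.
            suppressed = any(
                c["negate_finding"] and re.search(c["pattern"]["pattern"], line)
                for c in rule.get("conditions", [])
            )
            if not suppressed:
                findings.append((n, m.group(0)))
    return findings


if __name__ == "__main__":
    for line_no, text in scan(SAMPLE, RULE):
        print(f"{RULE['id']} line {line_no}: {text}")
```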

Build from Source

  • [[Build from Source]]

Contributing