Vulnerability Patterns Detector for C# and VB.NET - Website
git clone https://github.com/security-code-scan/security-code-scan.git cd security-code-scan
SecurityCodeScan.sln in Visual Studio or build from command line:
nuget restore SecurityCodeScan.sln msbuild SecurityCodeScan.sln
Most of the tests are written in two languages: C# and VB.NET. If you aren't an expert in VB.NET (me neither) use any online converter to create the VB.NET counterpart from tested C# code example.
Tests are ideal for developing features and fixing bugs as it is easy to debug.
In case you are not sure what is wrong or you see AD0001 error with an exception, it is possible to debug the analysis of problematic Visual Studio solution.
Visual Studio offloads some static analysis work to a separate process. It is a good idea to uncomment the lines to have a chance to debug the child process.
First, make sure there are no Security Code Scan Visual Studio extensions installed to avoid interference.
SecurityCodeScan.Vsix project in the solution and choose
Set as StartUp project.
Start debugging in Visual Studio. It will open another instance of Visual Studio with debugger attached.
Open the solution with the problematic source.