Awesome Open Source
Awesome Open Source

Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET - Website

Build status


Official releases are available as nuget package and as Visual Studio extension.
Nightly builds are available from appveyor (go to Configuration: Release -> Artifacts).


git clone
cd security-code-scan

Open SecurityCodeScan.sln in Visual Studio or build from command line:

nuget restore SecurityCodeScan.sln
msbuild SecurityCodeScan.sln



Most of the tests are written in two languages: C# and VB.NET. If you aren't an expert in VB.NET (me neither) use any online converter to create the VB.NET counterpart from tested C# code example.
Tests are ideal for developing features and fixing bugs as it is easy to debug.


In case you are not sure what is wrong or you see AD0001 error with an exception, it is possible to debug the analysis of problematic Visual Studio solution.

Visual Studio offloads some static analysis work to a separate process. It is a good idea to uncomment the lines to have a chance to debug the child process.

First, make sure there are no Security Code Scan Visual Studio extensions installed to avoid interference.
Right click SecurityCodeScan.Vsix project in the solution and choose Set as StartUp project.
Start debugging in Visual Studio. It will open another instance of Visual Studio with debugger attached.
Open the solution with the problematic source.

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
c-sharp (12,456
security (1,909
dotnet (895
static-analysis (251
scanner (226
analysis (223
code (154
static-code-analysis (101
analyzer (74
owasp (71
static (58
roslyn (46
scan (43