DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.


DevSkim is a framework of IDE extensions and language analyzers that provide inline security analysis in the dev environment as the developer writes code. It is designed to work with multiple IDEs (VS, VS Code, Sublime Text, etc.), and has a flexible rule model that supports multiple programming languages. The idea is to notify the developer as they are introducing a security vulnerability, so the issue can be fixed at the point of introduction, and to help build the developer's awareness. Please access those projects to download the plugin, open issues, or contribute content.

https://github.com/Microsoft/DevSkim

Related Projects

bandit - Bandit is a tool designed to find common security issues in Python code.

  •    Python

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.

MSRC-Security-Research - Security Research from the Microsoft Security Response Center (MSRC)


This project hosts security research from the Microsoft Security Response Center (MSRC). At this time, this project does not accept external contributions, but we hope to do so in the future. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

Solium - Linter to identify and fix style & security issues in Solidity

  •    Javascript

Solium analyzes your Solidity code for style & security issues and fixes them. To know which lint rules Solium applies for you, see Style rules and Security rules.

goSDL - goSDL

  •    PHP

goSDL is a web application tool that serves as a self-service entry point for following a Security Development Lifecycle checklist in a software development project. This tool collects relevant information about the feature, determines the risk rating, and generates the appropriate security requirements. The tool tailors the checklist to the developers’ specific needs, without providing unnecessary unrelated security requirements. Security experts can establish custom security guidance and requirements as checklist items for all developers. This checklist is used as a guide and reference for building secure software. This encourages a security mindset among developers when working on a project and can be used to easily track the completion of security goals for that project. At the middle or near the end of completion of a project, have a technical person complete the SDL form.


pythonVSCode - This extension is now maintained in the Microsoft fork.

  •    TypeScript

To see all available Python commands, open the Command Palette and type Python. The Microsoft Python Extension for Visual Studio Code collects usage data and sends it to Microsoft to help improve our products and services. Read our privacy statement to learn more. This extension respects the telemetry.enableTelemetry setting which you can learn more about at https://code.visualstudio.com/docs/supporting/faq#_how-to-disable-telemetry-reporting.

Sample Security Application


A sample security application that uses Microsoft Account (Identity Provider), WebAPI (Service Layer) and EntityFramework (Data Access Layer).

NWebsec

  •    ASPNET

The NWebsec security libraries for ASP.NET applications are built on the philosophy that security should be simple and maintainable.

Microsoft Web Protection Library

  •    DotNet

The Microsoft Web Protection Library offers AntiXSS, an encoding library, to protect your current applications from cross-site scripting attacks and the Security Runtime Engine to help protect your legacy applications.

Microsoft OCS Assessment Tool

  •    C

The first security assessment tool developed for Microsoft Office Communications Server R1/R2. OAT is designed to check the security posture of MS OCS deployments.

hardentools - Hardentools is a utility that disables a number of risky Windows features.

  •    Go

Hardentools is a collection of simple utilities designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now) and primary consumer applications. These features, generally intended for enterprise customers, are of little use to regular users and instead pose a danger, as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is simply to reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk who might want an extra level of security at the price of some usability. It is not intended for corporate environments. WARNING: This is just an experiment; it is not meant for public distribution yet. Also, this tool disables a number of features, including those of Microsoft Office, Adobe Reader, and Windows, which might cause certain applications to malfunction. Use this at your own risk.

SQL Server Label Security Toolkit


The Label Security Toolkit provides tools and techniques for using Microsoft® SQL Server (versions 2005 through 2012) to implement row-level security (RLS) and cell-level security (CLS) based on security labels. The major components of the Toolkit are: • The Label Polic...

CRM Bulk Security Role Manager


CRM Bulk Security Role Manager helps assign security roles according to a CSV file.

linter - A Base Linter with Cow Powers http://steelbrain.me/linter/

  •    Javascript

Linter is a base linter provider for the hackable Atom Editor. Additionally, you need to install a specific linter for your language. You will find a full list on atomlinter.github.io. It provides a top-level API to its consumers so that they can visualize errors and other types of messages with ease.

Configure Field Level Security For Security Roles in Microsoft Dynamics CRM 2011


This application allows you to configure field-level security for security roles and to enable and disable field-level security on entity attributes.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

Windows-Exploit-Suggester - This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target

  •    Python

This tool compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins. It requires the 'systeminfo' command output from a Windows host in order to compare it against the Microsoft security bulletin database and determine the patch level of the host.

msdat - MSDAT: Microsoft SQL Database Attacking Tool

  •    Python

MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL databases remotely. Tested on Microsoft SQL Server 2005, 2008 and 2012.

linter-eslint - ESLint plugin for Atom Linter

  •    Javascript

This linter plugin for Linter provides an interface to eslint. It will be used with files that have the "JavaScript" syntax. linter-eslint will look for a version of eslint local to your project and use it if it's available. If none is found it will fall back to the version it ships with.

hadolint - Dockerfile linter, validate inline bash, written in Haskell

  •    Haskell

A smarter Dockerfile linter that helps you build best-practice Docker images. The linter parses the Dockerfile into an AST and applies its rules on top of that AST. It stands on the shoulders of ShellCheck to lint the Bash code inside RUN instructions. You can run hadolint locally to lint your Dockerfile.