DevSkim is a framework of IDE extensions and language analyzers that provide inline security analysis in the development environment as the developer writes code. It is designed to work with multiple IDEs (VS, VS Code, Sublime Text, etc.) and has a flexible rule model that supports multiple programming languages. The idea is to notify developers as they introduce a security vulnerability, so that they can fix the issue at the point of introduction, and to help build the developer's awareness.
DevSkim is currently in public preview. We're looking forward to working with the community to improve both the scanning engines and rules over the next few months, and welcome your feedback and contributions!
DevSkim consists of multiple repositories (one for the rules, and one per plugin):
- DevSkim - This repository, plus common rules and guidance
- DevSkim-VisualStudio-Extension - Visual Studio Extension
- DevSkim-Sublime-Plugin - Sublime Text Plugin
- DevSkim-VSCode-Plugin - VS Code Plugin
Please visit those projects to download a plugin, open issues, or contribute content.
Please see Writing Rules for instructions on how to author new rules.
Please see CONTRIBUTING for information on reporting issues and contributing code.