SharpSource
security-code-scan
| | SharpSource | security-code-scan |
|---|---|---|
| | 1 | 2 |
| Stars | 27 | 919 |
| Growth | - | 1.4% |
| Activity | 3.7 | 0.0 |
| | 3 months ago | 5 days ago |
| Language | C# | C# |
| License | MIT License | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SharpSource
- What specific patterns are inefficient or cause issues at runtime?
Using a string.Format() call where the arguments don't match the placeholders [docs]
security-code-scan
- Top 12 Cloud Security Tools for 2021
4. Security code scan
- F# with C#
Ah. So we're reaching the limits of my knowledge here, but F# was bootstrapped (written in itself) in 2006, which predates Roslyn (C#'s bootstrapping) by about ~5 years. Bootstrapping makes building code analysis tools/APIs easier. Unfortunately the F# Compiler Service and Roslyn are incompatible, and tools built in Roslyn do not work for F#. (This isn't the first time C# has taken ideas from F# but broke compatibility... Task vs Async... but I digress.) These tools include things like Security Code Scan, which I had in mind when I wrote the OP. Typically when projects say "For C# and VB.NET" they're using Roslyn (which supports VB.NET). Otherwise if they supported C#, VB.NET, and F#... they'd just say they do all of dotnet - no need to specify 2/3 languages. Microsoft's own Edit and Continue documentation follows this trend of specifying C# and VB.NET, but excluding F#.
What are some alternatives?
RecordValueAnalyser - C# Roslyn code analyser to check records for correct value semantics
AlbionOnline-StatisticsAnalysis - A tool with many features for the game Albion Online
Meziantou.Analyzer - A Roslyn analyzer to enforce some good practices in C#.
Phishious - An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
BestPracticeAnalyzer - A .NET analyzer for developers complaining about people not following "best practices"
Inventory_Kamera - Scans Genshin Impact characters, artifacts, and weapons from the game window into a JSON file.
PeachPie - PeachPie - the PHP compiler and runtime for .NET and .NET Core
node-hp-scan-to - Allow to send scan from device to computer for some HP All-in-One Printers - Scan to computer
cyclonedx-bom-repo-server - A BOM repository server for distributing CycloneDX BOMs
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
IAmRoot NuGet Package - 📦🏴☠️ NuGet package that shows we can run arbitrary code from any NuGet package
Docutain-SDK-Example-.NET-MAUI