Security Assistant as a .NET project analyzer dev dependency
Since you are already utilizing the .NET Compiler Platform (Roslyn), you might look into the model of packaging up your security assistant rules as a NuGet-delivered “dev dependency” analyzer DLL so that they can be installed directly into the .NET projects themselves. This would allow running these analyzers during MSBuild steps in CI build platforms (TFS / VSTS / TeamCity) by specifying the build flag: RunCodeAnalysis=true.
I am seeing some other .NET compiler native security tooling taking this path and would love to see Security Assistant follow suit so we can harness it in our gated CI builds!
Also – it appears Microsoft is going to be releasing a similar offering: