AppSecArchitect

Security Assistant as a .NET project analyzer dev dependency

Since you are already utilizing the .NET Compiler Platform (Roslyn), you might look into the model of packaging up your Security Assistant rules as a NuGet-delivered "dev dependency" analyzer DLL so that they can be installed directly into the .NET projects themselves. This would allow running these analyzers during MSBuild steps in CI build platforms (TFS / VSTS / TeamCity) by specifying the build flag RunCodeAnalysis=true.

I am seeing some other .NET compiler-native security tooling taking this path and would love to see Security Assistant follow suit so we can harness it in our gated CI builds!


Also – it appears Microsoft is going to be releasing a similar offering:

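To make the proposal above concrete, here is an added example (not code from the original post, and not Fortify's Security Assistant) of what a Roslyn analyzer packaged as a NuGet dev dependency looks like. The rule itself is hypothetical: it flags static `Create()` calls on `System.Security.Cryptography.MD5` and `SHA1`, both well-known weak hash algorithms, and reports them at Error severity so that the compiler, and therefore a gated CI build, fails. The namespace, class name and rule id `SA0001` are assumptions for illustration; the APIs used are the public Microsoft.CodeAnalysis ones (a 3.x or later package is assumed for `SymbolEqualityComparer`).

```csharp
using System.Collections.Immutable;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;
using Microsoft.CodeAnalysis.Operations;

// Hypothetical namespace and rule; not part of any real Security Assistant package.
namespace SecurityAssistant.Analyzers
{
    [DiagnosticAnalyzer(LanguageNames.CSharp)]
    public sealed class WeakHashAnalyzer : DiagnosticAnalyzer
    {
        public const string DiagnosticId = "SA0001"; // assumed rule id

        private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
            id: DiagnosticId,
            title: "Weak hash algorithm",
            messageFormat: "'{0}' is a cryptographically weak hash; use SHA-256 or stronger",
            category: "Security",
            // Error severity makes csc fail, which is what a gated CI build needs.
            defaultSeverity: DiagnosticSeverity.Error,
            isEnabledByDefault: true);

        public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics
            => ImmutableArray.Create(Rule);

        public override void Initialize(AnalysisContext context)
        {
            context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
            context.EnableConcurrentExecution();

            context.RegisterCompilationStartAction(compilationContext =>
            {
                // Resolve the target symbols once per compilation and bail out early
                // if the project does not even reference these BCL types.
                var md5 = compilationContext.Compilation.GetTypeByMetadataName("System.Security.Cryptography.MD5");
                var sha1 = compilationContext.Compilation.GetTypeByMetadataName("System.Security.Cryptography.SHA1");
                if (md5 == null && sha1 == null) return;

                compilationContext.RegisterOperationAction(opContext =>
                {
                    var invocation = (IInvocationOperation)opContext.Operation;
                    var method = invocation.TargetMethod;

                    // Only the static factory methods MD5.Create() / SHA1.Create() are of interest here.
                    if (!method.IsStatic || method.Name != "Create") return;

                    var type = method.ContainingType;
                    if (SymbolEqualityComparer.Default.Equals(type, md5) ||
                        SymbolEqualityComparer.Default.Equals(type, sha1))
                    {
                        opContext.ReportDiagnostic(
                            Diagnostic.Create(Rule, invocation.Syntax.GetLocation(), type.Name));
                    }
                }, OperationKind.Invocation);
            });
        }
    }
}
```

Packaging follows the standard NuGet analyzer layout: build this as a netstandard2.0 class library that references Microsoft.CodeAnalysis.CSharp with PrivateAssets="all", set IncludeBuildOutput to false, and pack the output DLL under the analyzers/dotnet/cs folder of the package. Consumers then add a PackageReference with PrivateAssets="all" (or mark the package as a developmentDependency in its nuspec) so the analyzer never flows to downstream packages. Once referenced this way, the analyzer runs inside every csc invocation, so the CI step needs no extra flag beyond an Error severity, a ruleset or .editorconfig that elevates the rule, or /p:TreatWarningsAsErrors=true, to fail the gated build.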
COEST (Community Manager)

Re: Security Assistant as a .NET project analyzer dev dependency

Thank you for your input - I will share this with the Fortify PM team!
