Lessons learned from building a static code analyzer for C#
DEV Community dev.to
Introduction
Static code analyzers are tools that analyze software code without executing it. They examine the code to find, for example, code smells, vulnerabilities, potential errors, and code that deviates from a defined standard. They work by parsing the source code and evaluating its syntax (the structure of the code) and semantics (the meaning of the code).
Roslyn, the C# compiler, provides tools for developing Roslyn Analyzers (static code analyzers for Roslyn), giving access to the syntax and semantics of the …