Tuesday, 19 June 2012

Running Cat.NET SAST Scanner outside VisualStudio

One of the big limitations of Cat.NET was its need to be executed inside VisualStudio.

Yes VisualStudio is one of the places where we want to use Cat.NET's engine and GUIs, but it is also very important to be able to run it as a stand-alone tool (and to inject it into other .NET applications).

Here is a video that shows a GUI/script I created with the O2 Platfrom, which shows the execution of Cat.NET GUIs + Scanning engine outside VisualStudio, and a couple extra features added.




Some of the features added:
  • Drag and drop support for:
    • loading previous Cat.NET scans (*.xml files)
    • scanning *.dlls or *.exe
    • compiling (using Roslyn) and scanning *.sln files
  • Source-Code viewer to quickly the traces created
  • New top buttons  (the previous buttons were removed for now since they had some VS dependencies)

Here is a document that shows how this GUI was created (and how the Cat.NET dlls where consumed using O2's reflection APIs)




Related Posts:




Post a Comment