Real-Time Vulnerability Feedback in VisualStudio

UPDATE: There is a VisualStudio Extension for O2's C# REPL Script Environment available from VisualStudio Gallery

A key concept of making security invisible to developers is to create an environment where 'most of the time' they don't have to care about security, and the only time they need to pay attention is when they create a security vulnerability.

Here is a PoC of what the developer's experience should be: 

The key technologies used to create this are:
  • O2 Platform - glue it all together and REPL script environment
  • Roslyn - code compilation (by Microsoft)
  • Cat.NET - SAST security scanner (by Microsoft)

Here are a number of posts and videos on this topic:

Somen Das said...

Hi Dinis,

This looks great.

Are you & team also working on "Real-Time Vulnerability Feedback in Eclipse"?

Thanks & stay secure,
Somen Das

Dinis Cruz said...

I need to write an Eclipse plug-in for TeamMentor, so it would be great to have this there too.

Do you have experience in writing Eclipse plug-ins?