
© 2026 Open-Awesome. Curated for the developer elite.


DevSkim

License: MIT · Language: C# · Version: v1.0.70

A security linting framework with IDE plugins and CLI tools that identifies vulnerabilities as developers write code.

GitHub
997 stars · 125 forks · 0 contributors

What is DevSkim?

DevSkim is a security linting framework that provides inline security analysis in integrated development environments (IDEs) and via a command-line interface. It identifies potential security vulnerabilities as developers write code, offering real-time feedback and guidance to fix issues immediately. The tool supports multiple programming languages and includes a flexible rule system for both built-in and custom security checks.

Target Audience

Developers and development teams across various programming languages who want to integrate security analysis directly into their coding workflow, especially those using Visual Studio or Visual Studio Code.

Value Proposition

Developers choose DevSkim for its real-time, IDE-integrated security feedback that helps catch vulnerabilities early, its support for a wide range of languages, and its extensible rule system that allows customization to fit specific security needs.

Overview

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

Use Cases

Best For

  • Real-time security vulnerability detection during coding in IDEs
  • Integrating security linting into CI/CD pipelines via CLI
  • Educating developers on secure coding practices through immediate feedback
  • Customizing security rules for specific project or organizational needs
  • Analyzing multi-language codebases for common security flaws
  • Shifting security left by catching issues in the development phase

Not Ideal For

  • Teams using IDEs other than Visual Studio or Visual Studio Code, such as IntelliJ IDEA or Eclipse
  • Projects in environments where .NET is not installed or is avoided for dependency management
  • Organizations with established security scanning pipelines that already include comprehensive tools like SonarQube or Snyk

Pros & Cons

Pros

Real-Time IDE Feedback

Provides inline security analysis with IntelliSense-style error squiggles in Visual Studio and VS Code, flagging vulnerable patterns as the code is written rather than at a later scan stage.

Broad Language Support

Analyzes code in over a dozen languages including C, C++, Java, Python, and JavaScript/TypeScript, making it versatile for polyglot codebases.

Extensible Rule System

Custom rules are written in JSON and can match with regular expressions or with structured queries (JSONPath, XPATH, and YmlPath), allowing teams to tailor security checks to specific project needs.
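As an added example (not DevSkim's own code), here is a custom rule pair in DevSkim-style JSON together with a small matcher that shows what the `regex-word` pattern type and the `code` scope actually do. Field names follow the DevSkim rule format as recalled from the project's shipped rules; the rule ids, the sample source and the `-r/--rules` CLI option mentioned below are assumptions to verify against the project's documentation.

```python
"""DevSkim-style custom rule plus a tiny matcher (illustrative, not DevSkim's engine).

Rule field names follow the DevSkim JSON rule format as recalled (id, name,
applies_to, severity, confidence, patterns[].pattern/type/scopes). The rule
ids and sample source are constructed. The real engine also understands each
language's comment syntax, in-source suppressions and JSONPath/XPath/YmlPath
scoped patterns; none of that is reimplemented here.
"""
import json
import re

# Two custom rules in DevSkim-style JSON (constructed for this example).
CUSTOM_RULES_JSON = r'''
[
  {
    "id": "EX000001",
    "name": "Hard-coded Slack webhook URL",
    "description": "Slack incoming-webhook URLs act as bearer credentials.",
    "recommendation": "Load the webhook URL from a secret store, not source code.",
    "applies_to": ["python", "javascript", "csharp"],
    "severity": "critical",
    "confidence": "high",
    "tags": ["Secrets.Webhook"],
    "patterns": [
      {
        "pattern": "https://hooks\\.slack\\.com/services/[A-Za-z0-9/]+",
        "type": "regex",
        "scopes": ["code"]
      }
    ]
  },
  {
    "id": "EX000002",
    "name": "Use of MD5",
    "recommendation": "Use SHA-256 or stronger.",
    "applies_to": ["python"],
    "severity": "important",
    "confidence": "medium",
    "patterns": [
      { "pattern": "md5", "type": "regex-word", "scopes": ["code"] }
    ]
  }
]
'''
RULES = json.loads(CUSTOM_RULES_JSON)

# Constructed sample file: line 3 uses md5 in code, line 4 only in a comment.
SAMPLE_PY = """import hashlib
WEBHOOK = "https://hooks.slack.com/services/T000/B000/XXXX"
digest = hashlib.md5(data).hexdigest()  # md5 also named here, in a comment
# md5 appears only in this comment, so a code-scoped pattern must not fire
sha = hashlib.sha256(data).hexdigest()
"""


def compile_pattern(pat):
    """Compile one pattern object. Type mapping is assumed: 'regex' as written,
    'regex-word' and 'string' whole-word, 'substring' anywhere after escaping."""
    kind = pat.get("type", "regex")
    if kind == "regex":
        return re.compile(pat["pattern"])
    if kind == "regex-word":
        return re.compile(r"\b(?:" + pat["pattern"] + r")\b")
    if kind == "string":
        return re.compile(r"\b" + re.escape(pat["pattern"]) + r"\b")
    if kind == "substring":
        return re.compile(re.escape(pat["pattern"]))
    raise ValueError(f"unknown pattern type {kind!r}")


def code_portion(line, language):
    """Drop the comment part of a line so code-scoped patterns ignore it.
    Simplification: only Python '#' line comments are recognised here."""
    if language == "python":
        return line.split("#", 1)[0]
    return line


def scan(source, language, rules):
    """Apply every rule whose applies_to covers `language` to each line."""
    findings = []
    lines = source.splitlines()
    for rule in rules:
        if language not in rule.get("applies_to", [language]):
            continue
        for pat in rule["patterns"]:
            rx = compile_pattern(pat)
            scopes = pat.get("scopes", ["code"])
            for lineno, line in enumerate(lines, start=1):
                # Comment-scoped or 'all' patterns see the whole line.
                haystack = line if ("comment" in scopes or "all" in scopes) else code_portion(line, language)
                match = rx.search(haystack)
                if match:
                    findings.append({
                        "rule_id": rule["id"],
                        "severity": rule["severity"],
                        "line": lineno,
                        "match": match.group(0),
                        "recommendation": rule.get("recommendation", ""),
                    })
    return sorted(findings, key=lambda f: (f["line"], f["rule_id"]))


if __name__ == "__main__":
    for f in scan(SAMPLE_PY, "python", RULES):
        print(f"{f['severity']:>9} line {f['line']}: {f['rule_id']} matched {f['match']!r}")
```

In a real setup the rules directory is handed to the CLI (roughly `devskim analyze -r ./rules ...`; option name as recalled, check `devskim analyze --help`) or to the IDE extension's custom-rules setting, and the engine does what `scan()` sketches here with proper per-language comment parsing. The `applies_to` list is what keeps a Python-only rule from producing noise in a C# file, and `regex-word` is what stops `md5` from matching `md5sum`.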

CI/CD Integration

Offers a cross-platform CLI and an official GitHub Action, so the same rules that run in the IDE can run in automated pipelines; the CLI can write results as SARIF for upload to code-scanning dashboards and for build gating.
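The following is an added example, not part of DevSkim, of the gating step a pipeline needs once the CLI has produced SARIF: it decides which results should fail the job. It assumes the CLI was invoked with SARIF output (roughly `devskim analyze -I . -O devskim.sarif -f sarif`; flag names as recalled, check `devskim analyze --help`) and reads only standard SARIF 2.1.0 fields. The SARIF document, file paths and `DS000001`-style rule ids are constructed for the example.

```python
"""Fail a CI job on DevSkim findings recorded in SARIF (added example).

Reads standard SARIF 2.1.0 fields only: runs[].results[].ruleId, level,
suppressions and locations[].physicalLocation. The document below is
constructed; the rule ids are placeholders, not real DevSkim rules.
"""
import json

SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "DevSkim"}},
        "results": [
            {"ruleId": "DS000001", "level": "error",
             "message": {"text": "Weak hash algorithm"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/auth/tokens.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "DS000002", "level": "error",
             "message": {"text": "Hard-coded credential"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tests/fixtures/fake_creds.py"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "DS000003", "level": "warning",
             "message": {"text": "Insecure random"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util/ids.py"},
                 "region": {"startLine": 9}}}]},
            {"ruleId": "DS000001", "level": "error",
             "message": {"text": "Weak hash algorithm"},
             "suppressions": [{"kind": "inSource"}],
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/legacy/checksum.py"},
                 "region": {"startLine": 17}}}]},
        ],
    }],
})


def location_of(result):
    """Return (uri, startLine) from a result's first physical location."""
    loc = result.get("locations", [{}])[0].get("physicalLocation", {})
    uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
    line = loc.get("region", {}).get("startLine", 0)
    return uri, line


def blocking_findings(sarif_text, fail_on=("error",), ignore_rules=(), ignore_prefixes=("tests/",)):
    """Select the results that should break the build.

    A result blocks when its level is in `fail_on` (SARIF defaults a missing
    level to 'warning'), its rule is not allow-listed, its file is outside
    the ignored path prefixes, and it carries no SARIF suppression entry.
    """
    doc = json.loads(sarif_text)
    blocking = []
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            if result.get("level", "warning") not in fail_on:
                continue
            if result.get("ruleId") in ignore_rules:
                continue
            if result.get("suppressions"):
                continue
            uri, line = location_of(result)
            if uri.startswith(tuple(ignore_prefixes)):
                continue
            blocking.append({"rule": result["ruleId"], "uri": uri, "line": line,
                             "message": result.get("message", {}).get("text", "")})
    return blocking


def gate(sarif_text, **policy):
    """Return (exit_code, report_lines); exit_code 1 means the job should fail."""
    blocking = blocking_findings(sarif_text, **policy)
    lines = [f"{b['uri']}:{b['line']}: {b['rule']} {b['message']}" for b in blocking]
    return (1 if blocking else 0), lines


if __name__ == "__main__":
    code, report = gate(SAMPLE_SARIF)
    print("\n".join(report) or "no blocking findings")
    raise SystemExit(code)
```

Keeping the policy (which levels block, which rules and paths are exempt) in a script rather than in the scanner call makes exceptions reviewable in the repository. DevSkim also supports in-source suppression comments of the form `DevSkim: ignore <rule id>`; whether a suppressed result appears in the SARIF with a `suppressions` entry or is omitted entirely depends on the CLI options used, so the `suppressions` check above is defensive rather than something to rely on exclusively.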

Cons

.NET Runtime Dependency

The CLI and core library are .NET-based and need the .NET runtime, which adds a dependency to minimal container images and to teams that avoid .NET for dependency-management reasons, even though the runtime itself is available on Windows, Linux, and macOS.

Limited IDE Ecosystem

Official plugins are only available for Visual Studio and Visual Studio Code, leaving users of other popular IDEs without native support.

Rule Maintenance Overhead

Custom rules require learning the rule syntax and ongoing maintenance, which can add complexity and administrative burden for teams.

Quick Stats

Stars: 997
Forks: 125
Contributors: 0
Open Issues: 61
Last commit: 13 days ago
Created: 2016

Tags

#ide-plugin #sdl #linter #security-linting #code-security #vscode #vulnerability-detection #visual-studio #security #dotnet #devsecops #language-server-protocol #visual-studio-extension #visual-studio-code-extension #static-analysis

Built With

  • Language Server Protocol
  • .NET

Included in

Static Analysis & Code Quality (14.5k) · Auto-fetched 9 hours ago

Related Projects

trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Stars: 36,672 · Forks: 510 · Last commit: 23 hours ago

ESLint

Find and fix problems in your JavaScript code.

Stars: 27,340 · Forks: 5,037 · Last commit: 9 hours ago

oxc

⚓ A collection of high-performance JavaScript tools.

Stars: 21,798 · Forks: 1,098 · Last commit: 11 hours ago

ale

Check syntax in Vim/Neovim asynchronously and fix files, with Language Server Protocol (LSP) support

Stars: 14,008 · Forks: 1,482 · Last commit: 11 days ago