security-code-scan.github.io | The webpage is periodically updated from https | DNS library

Security Code Scan (SCS) can be installed as:. All three options or running SCS have their own advantages. Installing it as NuGet package allows to choose projects in a solution that should be analyzed. It is a good idea to exclude test projects, because they do not make it into a final product. ⚠️Note: In previous versions of .NET Core, if you added a reference to a project that had a Roslyn analyzer as NuGet package, it was automatically added to the dependent project too. To disable this behavior, for example if the dependent project is a unit test project, make sure the NuGet package is added as private in the .csproj or .vbproj file of the referenced project: <PackageReference Include="SecurityCodeScan" Version="5.0.0" PrivateAssets="all" />. ⚠️ If during the analysis you run into warning CS8032: An instance of analyzer SecurityCodeScan.Analyzers.****** cannot be created from... Could not load file or assembly 'Microsoft.CodeAnalysis, Version=******'. The system cannot find the file specified.. most likely there is a mismatch between the used compiler toolset/SDK and the version of Roslyn analyzer library used by SCS. You may work-around the issue by: a. Adding the latest Microsoft.Net.Compilers.Toolset NuGet package to the project: dotnet add package microsoft.net.compilers.toolset. Please note as per Microsoft "This package is primarily intended as a method for rapidly shipping hotfixes to customers. Using it as a long term solution for providing newer compilers on older MSBuild installations is explicitly not supported. That can and will break on a regular basis. The supported mechanism for providing new compilers in a build enviroment is updating to the newer .NET SDK or Visual Studio Build Tools SKU." b. Upgrading the project to the newer .NET SDK/Compiler version. c. Using an older version of SCS. However it requires discipline to install SCS into every solution a developer works with. Installing it as a Visual Studio extension is a single install action. The NuGet version runs during a build and in background as IntelliSense (VS extension provides IntelliSense only) and can be integrated to any Continuous Integration (CI) server that supports MSBuild.
Visual Studio extension. Use the link or open "Tools > Extensions and Updates..." Select "Online" in the tree on the left and search for SecurityCodeScan in the right upper field. Click "Download" and install.
NuGet package. Right-click on the root item in your solution. Select "Manage NuGet Packages for Solution...". Select "Browse" on the top and search for Security Code Scan. Select project you want to install into and click "Install". Another option is to install the package into all projects in a solution: use "Tools > NuGet Package Manager > Package Manager Console". Run the command Get-Project -All | Install-Package SecurityCodeScan.
Stand-alone runner. Install with dotnet tool install --global security-scan and run security-scan /your/solution.sln. For older .NET 4.x please use security-scan4x.zip from GitHub Releases.