Microsoft Launches Microsoft Application Inspector as Open Source
Microsoft has released Microsoft Application Inspector on GitHub as open source. It is a code analysis tool, useful for security among other things, that can examine millions of lines of code in several different programming languages. It is written on .NET Core; for more information, check their wiki.
Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does.
Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify «good» or «bad» patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.
The tool supports scanning various programming languages, including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more, and can scan projects with mixed-language files. It also includes HTML, JSON and text output formats, with HTML being the default.
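The rule-based characterization described above, shown as an added Python example (not Application Inspector's code, rule set or rule format): the rules, tag names and sample files are constructed for illustration. It reports which features appear and where, with no good/bad verdict, across mixed-language files.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Hypothetical rules constructed for this example; not the tool's rule set or format.
# Each rule maps a regex to a feature tag and the languages it applies to.
RULES = [
    {"tag": "crypto.hash", "langs": {"python"}, "pattern": r"\bhashlib\.(md5|sha1|sha256)\b"},
    {"tag": "crypto.hash", "langs": {"javascript"}, "pattern": r"\bcrypto\.createHash\s*\("},
    {"tag": "network.http-client", "langs": {"python"}, "pattern": r"\brequests\.(get|post)\s*\("},
    {"tag": "network.http-client", "langs": {"javascript"}, "pattern": r"\bfetch\s*\("},
    {"tag": "os.process-exec", "langs": {"python"}, "pattern": r"\bsubprocess\.(run|Popen)\s*\("},
    {"tag": "os.process-exec", "langs": {"c"}, "pattern": r"\b(system|execve?)\s*\("},
]
LANG_BY_EXT = {".py": "python", ".js": "javascript", ".c": "c", ".h": "c"}
COMPILED = [(r["tag"], r["langs"], re.compile(r["pattern"])) for r in RULES]

def characterize(files):
    """Return {tag: [(path, line_no), ...]} for a {path: source_text} mapping."""
    report = defaultdict(list)
    for path, text in sorted(files.items()):
        lang = LANG_BY_EXT.get(PurePosixPath(path).suffix.lower())
        if lang is None:
            continue  # unknown file type: skipped rather than guessed
        for line_no, line in enumerate(text.splitlines(), start=1):
            for tag, langs, rx in COMPILED:
                # A rule only fires on files of a language it is scoped to.
                if lang in langs and rx.search(line):
                    report[tag].append((path, line_no))
    return dict(report)

# Constructed sample of a mixed-language component.
SAMPLE = {
    "pkg/update.py": "import hashlib, requests\nblob = requests.get(url).content\n"
                     "digest = hashlib.sha256(blob).hexdigest()\n",
    "pkg/ui.js": "const r = await fetch('/api/status');\n",
    "pkg/helper.c": "#include <stdlib.h>\nint run(const char *c) { return system(c); }\n",
    "pkg/README.md": "uses requests.get( in examples\n",
}

if __name__ == "__main__":
    for tag, hits in sorted(characterize(SAMPLE).items()):
        print(tag, hits)
```

The output is an inventory a reviewer can triage: for example, a component that both fetches content over HTTP and executes processes deserves a closer read than its documentation alone would suggest.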
January 16 2020 Introducing Microsoft Application Inspector