DevSkim logo


A set of IDE plugins and rules that provide security "linting" capabilities (by Microsoft)
+ 1

What is DevSkim?

It is a framework of IDE extensions and language analyzers that provide inline security analysis in the dev environment as the developer writes code. It has a flexible rule model that supports multiple programming languages. The goal is to notify the developer as they are introducing a security vulnerability in order to fix the issue at the point of introduction, and to help build awareness for the developer.
DevSkim is a tool in the Security category of a tech stack.
DevSkim is an open source tool with 781 GitHub stars and 104 GitHub forks. Here’s a link to DevSkim's open source repository on GitHub

DevSkim Integrations

JavaScript, Python, Visual Studio Code, Java, and TypeScript are some of the popular tools that integrate with DevSkim. Here's a list of all 10 tools that integrate with DevSkim.

DevSkim's Features

  • Built-in rules, and support for writing custom rules
  • Cross-platform CLI built on .NET Core 3.1 for file analysis
  • IDE plugins for Visual Studio and Visual Studio Code
  • IntelliSense error "squiggly lines" for identified security issues
  • Information and guidance provided for identified security issues
  • Optional suppression of unwanted findings
  • Broad language support including: C, C++, C#, Cobol, Go, Java, Javascript/Typescript, Python, and more

DevSkim Alternatives & Comparisons

What are some alternatives to DevSkim?
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
Azure DevOps
Azure DevOps provides unlimited private Git hosting, cloud build for continuous integration, agile planning, and release management for continuous delivery to the cloud and on-premises. Includes broad IDE support.
Let's Encrypt
It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
Ensighten is a comprehensive website security company, offering next generation compliance, enforcement and client-side protection against data loss, ad injection and intrusion.
Azure DevOps Server
It is set of collaborative software development tools, hosted on-premises. It integrates with your existing IDE or editor, enabling your cross-functional team to work effectively on projects of all sizes.
See all alternatives
Related Comparisons
No related comparisons found

DevSkim's Followers
3 developers follow DevSkim to keep up with related blogs and decisions.