Microsoft has open-sourced Application Inspector, a command-line tool that quickly checks third-party open source components for security issues. The source code was released under an MIT license on GitHub, the software giant’s hosting platform. This static source code analysis tool helps developers address potential security issues when integrating third-party open source components.
Microsoft developers say code reuse has many benefits, but it sometimes carries hidden complexity and risk. Today’s web applications typically contain hundreds of third-party components, and developers rely heavily on the authors’ descriptions when using them, so it is not clear whether the software is actually secure.
Application Inspector uses more than 500 rule patterns to quickly identify code that may have a security issue.