问题
I need an IDE that will find problems in my code, those I have tried just don't do it good enough... Iv'e tried Eclipse and IntelliJ IDEA already. is there any good option? Thank you..
回答1:
My team recently released a public preview for DevSkim, an open-source IDE plugin that flags security issues as you type them. Think "spell-check for security bugs". It doesn't provide the same level of depth as "real" static analyzers (it's just using regular expressions), but we think it serves an important need.
DevSkim includes inline guidance (why the code is vulnerable) and for some rules, a one-click "fix it for me" feature. It's available as a plugin for Visual Studio, VS Code, and Sublime Text.
I don't want to make this answer a feature list -- there is more information on our project page. We have plans to extend to additional IDEs, and of course to extend the ruleset. We welcome feedback and contributions.
来源:https://stackoverflow.com/questions/41851431/looking-for-an-security-code-ide