BinSkim Binary Analyzer
This repository contains the source code for BinSkim, a Portable Executable (PE) light-weight scanner that validates compiler/linker settings and other security-relevant binary characteristics.
- Fork the repository -- Need Help?
- Load and compile
src\BinSkim.slnto develop changes for contribution.
- Execute BuildAndTest.cmd at the root of the enlistment to validate before submitting a PR.
Submit Pull Requests
BuildAndTest.cmdat the root of the enlistment to ensure that all tests pass, release build succeeds, and NuGet packages are created
- Submit a Pull Request to the 'develop' branch -- Need Help?
- Download BinSkim from NuGet
- Read the User Guide
- Find out more about the Static Analysis Results Interchange Format (SARIF) used to output Binskim results
Command-Line Quick Guide
|Argument (short form, long form)||Meaning|
||Symbols path value (e.g.
||File path used to write and output analysis using SARIF|
||Emit verbose output. The comprehensive report is designed to provide appropriate evidence for compliance scenarios|
||Recurse into subdirectories when evaluating file specifier arguments|
||(Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings|
||Do not log results to the console|
||Generate timing and other statistics for analysis session|
||Output hashes of analysis targets when emitting SARIF reports|
Log machine environment details of run to output file.
WARNING: This option records potentially sensitive information (such as all environment variable values) to the log file.
||Path to plug-in that will be invoked against all targets in the analysis set.|
||Table of argument information.|
||BinSkim version details.|
||One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.|
binskim.exe analyze c:\bld\*.dll --recurse --output MyRun.sarif