DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities.
Clone or download


DevSkim is a framework of IDE extensions and Language analyzers that provide inline security analysis in the dev environment as the developer writes code. It is designed to work with multiple IDEs (VS, VS Code, Sublime Text, etc.), and has a flexible rule model that supports multiple programming languages. The idea is to give the developer notification as they are introducing a security vulnerability in order to fix the issue at the point of introduction, and to help build awareness for the developer.


DevSkim is currently in public preview. We're looking forward to working with the community to improve both the scanning engines and rules over the next few months, and welcome your feedback and contributions!


DevSkim consists of multiple repositories (one for the rules, and one per plugin):

Please access those projects to download the plugin, open issues, or contribute content.

Writing Rules

Please see Writing Rules for instructions on how to author new rules.

Reporting Issues

Please see CONTRIBUTING for information on reporting issues and contributing code.