pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

Analyze Code via .NET Core Docker File #20

Closed chadbrewbaker closed 5 years ago

chadbrewbaker commented 8 years ago

400+ errors when the project is opened in Visual Studio for Mac Preview 1. Looks like a lot of them have to do with Visual Studio integration, not Roslyn. Will try to go through them.

ejohn20 commented 8 years ago

Yikes! It definitely has not been tested over on VS for Mac yet. Might be worth playing with a bit to see if it is possible in that IDE at some point.

meadisu27 commented 8 years ago

Watched the MS Connect conference yesterday. VS for Mac only supports .NET Core.

On Thu, Nov 17, 2016 at 2:20 PM, Eric Johnson notifications@github.com wrote:

Yikes! It definitely has not been tested over on VS for Mac yet. Might be worth playing with a bit to see if it is possible in that IDE at some point.


ejohn20 commented 8 years ago

Ah, that would explain it. We have libs in use that are not in .NET Core. We'd need to fork a version for Core, which isn't a bad idea anyway going forward.

ejohn20 commented 6 years ago

To my knowledge, this is still not possible. Let me know if I'm wrong.

chadbrewbaker commented 6 years ago

https://github.com/lambci/docker-lambda/blob/master/dotnetcore2.1/build/Dockerfile

I'd load up that Docker container and annotate this thread with what breaks when you install/run Puma headless tooling. Ideally it would be nice to add to this Docker file so Puma can run in anybody's CI pipeline without a Windows dependency.

ejohn20 commented 6 years ago

This may be possible now. I didn't think the analyzers would work in .NET Core yet; however, this seems to have been done before. I'm not sure if it's Windows-specific or not: https://github.com/dotnet/cli/issues/3175

The export results seem to be able to output to the SARIF format as well: https://github.com/dotnet/roslyn/issues/430

ejohn20 commented 5 years ago

Closing this issue. Scans are working inside the Docker container and from standard "dotnet build" commands. See wiki for details. https://github.com/pumasecurity/puma-scan/wiki/Puma-Scan-Hunting