### Setup and Build for Debugging

Source: https://github.com/microsoft/devskim/blob/main/DevSkim-VSCode-Plugin/README.md

Prepare the environment and build the project for debugging within VS Code. This involves running setup scripts and compiling the TypeScript code.

```bash
npm run setup
tsc -b
```

--------------------------------

### Install DevSkim CLI and Run Scan

Source: https://context7.com/microsoft/devskim/llms.txt

Installs the DevSkim CLI as a .NET global tool and then runs a scan, outputting results to a SARIF file.

```bash
# Install CLI as a .NET global tool
dotnet tool install --global Microsoft.CST.DevSkim.CLI

# Run a scan after installation
devskim analyze -I /path/to/project/ -O results.sarif
```

--------------------------------

### Install DevSkim VS Code Extension

Source: https://github.com/microsoft/devskim/wiki/Visual-Studio-Code-Extension

Use this command in VS Code's Quick Open bar to install the DevSkim plugin.

```shell
ext install ms-cst-e.vscode-devskim
```

--------------------------------

### Example: Apply Fixes with DevSkim

Source: https://github.com/microsoft/devskim/wiki/Fix-Command

This is an example of how to use the 'devskim fix' command to apply fixes. It specifies the source code directory and the Sarif result file.

```console
devskim fix -I /home/user/myproject/ -O /home/user/myproject/DevSkim.sarif
```

--------------------------------

### DevSkim Analysis Configuration File Example

Source: https://context7.com/microsoft/devskim/llms.txt

An example JSON configuration file for DevSkim analysis, demonstrating various options such as per-language rule ignores, output settings, severity/confidence filters, and glob patterns. This file allows for detailed customization of scan behavior.
```json
{
  "LanguageRuleIgnoreMap": {
    "csharp": ["DS126858"],
    "python": ["DS196098"]
  },
  "OutputFile": "results.sarif",
  "Rules": [],
  "RuleIds": [],
  "IgnoreRuleIds": ["DS197836"],
  "OutputTextFormat": "%F:%L:%C [%S] %R %N",
  "OutputFileFormat": "sarif",
  "Severities": [ "Critical", "Important", "Moderate" ],
  "Confidences": [ "High", "Medium" ],
  "Globs": [ "**/.git/**", "**/bin/**", "**/obj/**", "**/*.min.js" ],
  "DisableSuppression": false,
  "DisableParallel": false,
  "IgnoreDefaultRules": false,
  "CrawlArchives": false,
  "ExitCodeIsNumIssues": true,
  "BasePath": "",
  "AbsolutePaths": false,
  "RespectGitIgnore": true,
  "SkipExcerpts": false,
  "ConsoleVerbosityLevel": "Information",
  "DisableConsoleOutput": false,
  "LogFileLevel": "Error",
  "LogFilePath": null
}
```

--------------------------------

### Install DevSkim NuGet Package

Source: https://context7.com/microsoft/devskim/llms.txt

Commands to install the DevSkim NuGet package for .NET projects using the CLI or Visual Studio Package Manager Console.

```bash
# .NET CLI
dotnet add package Microsoft.CST.DevSkim

# Visual Studio Package Manager Console
PM> Install-Package Microsoft.CST.DevSkim
```

--------------------------------

### Install DevSkim via Dotnet CLI

Source: https://github.com/microsoft/devskim/wiki/API

Use this command in your terminal to add the DevSkim NuGet package to your project using the .NET CLI.

```console
dotnet add package Microsoft.CST.DevSkim
```

--------------------------------

### Install VS Code Extension via Command Line

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Install the generated VSIX package for the VS Code extension using the 'code' command-line utility.

```bash
code --install-extension vscode-devskim-0.8.55.vsix
```

--------------------------------

### Install VS Code Extension Dependencies

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Install the necessary Node.js dependencies for the VS Code extension using npm.
```bash
npm install
```

--------------------------------

### DevSkim CLI Usage Examples

Source: https://github.com/microsoft/devskim/blob/main/Changelog.md

Demonstrates the usage of DevSkim's analyze, fix, and suppress commands with various options. Use these commands to scan code, apply fixes, or manage suppressions.

```bash
devskim analyze -I path/to/source -O myresults.sarif
```

```bash
devskim fix -I path/to/source -O myresults.sarif --dry-run --all
```

```bash
devskim suppress -I path/to/source -O myresults.sarif --dry-run --all
```

--------------------------------

### Verify Rules with a Specific Rules File

Source: https://github.com/microsoft/devskim/wiki/Verify-Command

Example of how to use the devskim verify command to check rules located in a specific directory. This is useful for validating custom rule sets.

```console
devskim verify -r /home/user/myrules/
```

--------------------------------

### Example: Suppress Issues in Sarif File

Source: https://github.com/microsoft/devskim/wiki/Suppress-Command

An example of how to use the devskim suppress command to process a Sarif file, specifying the source code directory and the output Sarif file.

```console
devskim suppress -I /home/user/myproject/ -O /home/user/myproject/DevSkim.sarif
```

--------------------------------

### Install DevSkim via Visual Studio Package Manager

Source: https://github.com/microsoft/devskim/wiki/API

Use this command in the Visual Studio Package Manager Console to add the DevSkim NuGet package to your project.

```console
PM> Install-Package Microsoft.CST.DevSkim
```

--------------------------------

### Rule Self-Testing Example

Source: https://github.com/microsoft/devskim/wiki/Testing-Rules

This JSON snippet demonstrates the use of `must-match` and `must-not-match` fields within a DevSkim rule for self-testing. The `must-match` array contains patterns expected to be found, while `must-not-match` lists patterns that should not be detected.
```json
"must-match": [
  "gets(string);"
],
"must-not-match": [
  "fgets(string);",
  "gets_s(string);"
]
```

--------------------------------

### Prepare DevSkimRuleset from Directory

Source: https://github.com/microsoft/devskim/wiki/API

Instantiate DevSkimRuleset and add custom rules from a specified directory. This is a verbose way to set up rules.

```csharp
// verbose way
DevSkimRuleset rules = new DevSkimRuleset();
rules.AddDirectory("/home/user/rules");
```

--------------------------------

### Build DevSkim CLI using dotnet

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Build the DevSkim CLI project using the .NET CLI.

```bash
dotnet build
```

--------------------------------

### Apply DevSkim Ruleset to Analyze Code

Source: https://github.com/microsoft/devskim/wiki/API

Load default rules, create a processor with options, and analyze C++ code content. Ensure the file path for content analysis is correct.

```csharp
using System.Collections.Generic;
using System.IO;
using Microsoft.DevSkim;

// Load the rules
DevSkimRuleset rules = DevSkimRuleset.LoadDefaultRules();

// Create options
DevSkimRuleProcessorOptions opts = new DevSkimRuleProcessorOptions();

// Create DevSkimRuleProcessor and pass the ruleset
DevSkimRuleProcessor processor = new DevSkimRuleProcessor(rules, opts);

// Get content for analysis
string content = File.ReadAllText("main.cpp");

// Analyze content, using rules for C++
IEnumerable<Issue> issues = processor.Analyze(content, "main.cpp");
```

--------------------------------

### DevSkim CLI Usage

Source: https://github.com/microsoft/devskim/wiki/Command-Line-Interface

Displays the available commands and options for the DevSkim CLI. Use this to understand the basic structure and available actions.
```console
Usage: devskim [command] [options]

Commands:
  analyze     Analyze source code using DevSkim
  fix         Apply fixes from a Sarif
  verify      Verify rule validity
  suppress    Suppress issues identified in a DevSkim Sarif

Options:
  --help      Show help information
  --version   Show version information

Use "devskim [command] --help" for more information about a command.
```

--------------------------------

### Run DevSkim CLI DLL

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Execute the DevSkim CLI by running its DLL using the dotnet command.

```bash
dotnet bin\debug\net7.0\devskim.dll
```

--------------------------------

### Strong Cipher Suites for TLS

Source: https://github.com/microsoft/devskim/blob/main/guidance/DS440000.md

These are examples of strong cipher suites that provide at least 128-bits of security, forward secrecy, and strong authentication and key exchange methods. They should be prioritized for secure TLS configurations.

```C
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```

--------------------------------

### Navigate to DevSkim-DotNet Folder

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Change directory to the DevSkim-DotNet folder after cloning the repository.

```bash
cd DevSkim\DevSkim-DotNet
```

--------------------------------

### Extract Zip Archive Entries Safely in C#

Source: https://github.com/microsoft/devskim/blob/main/guidance/DS113854.md

When extracting zip archives in C#, always validate the `ZipArchiveEntry.FullName` property to prevent directory traversal attacks. This example shows how to extract .txt files while performing basic validation.
```csharp
// Normalize the target directory and end it with a separator, so the prefix
// check below cannot match a sibling directory that shares the same prefix.
extractPath = Path.GetFullPath(extractPath);
if (!extractPath.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
    extractPath += Path.DirectorySeparatorChar;
using (ZipArchive archive = ZipFile.OpenRead(zipPath))
{
    foreach (ZipArchiveEntry entry in archive.Entries)
    {
        if (entry.FullName.EndsWith(".txt", StringComparison.OrdinalIgnoreCase))
        {
            // Validate FullName: extract only if the resolved path stays inside extractPath.
            string destinationPath = Path.GetFullPath(Path.Combine(extractPath, entry.FullName));
            if (destinationPath.StartsWith(extractPath, StringComparison.Ordinal))
                entry.ExtractToFile(destinationPath);
        }
    }
}
```

--------------------------------

### DevSkim Verify Command Syntax

Source: https://github.com/microsoft/devskim/wiki/Verify-Command

Displays the available arguments and options for the devskim verify command. Use this to understand how to specify rules files and configure language and comment settings.

```console
Usage: devskim verify [arguments] [options]

Arguments:
  -r                        Comma separated list of paths to rules files to use

Options:
  --languages               Path to custom json formatted Language file to specify languages. When specified, --comments must also be specified.
  --comments                Path to custom json formatted Comments file to specify comments. When specified, --languages must also be specified.
  -x, --console-verbosity   Console verbosity [Verbose|Debug|Information|Warning|Error|Fatal] (Default: Information)
  --disable-console         Disable console output of logging messages. (Default: false)
  -v, --log-file-level      Log file level [Verbose|Debug|Information|Warning|Error|Fatal] (Default: Error)
  -l, --log-file-path       Log file path. If not set, will not log to file.
  --help                    Show help information.
  --version                 Display version information.
```

--------------------------------

### Create AES Instance in .NET

Source: https://github.com/microsoft/devskim/blob/main/guidance/DS106864.md

Use System.Security.Cryptography.Aes.Create() for modern symmetric encryption in .NET. Avoids the use of DES.

```.NET
System.Security.Cryptography.Aes.Create()
```

--------------------------------

### Analyze with Custom Rules

Source: https://github.com/microsoft/devskim/wiki/Analyze-Command

Use the `-r` option to include custom rule directories or files. Specify `--ignore-default-rules` to use only custom rules.
```console
# use default rules AND custom rules
devskim analyze /home/user/myproject -r /my/rules/directory -r /my/other/rules
```

```console
# use only custom rules
devskim analyze /home/user/myproject -r /my/rules/directory -r /my/other/rules -i
```

```console
# use custom languages and comments files
devskim analyze /home/user/myproject -r /my/rules/directory \
  --languages /my/rules/directory/languages.json --comments /my/rules/directory/comments.json
```

--------------------------------

### Add DevSkim to .csproj file

Source: https://github.com/microsoft/devskim/wiki/API

Manually add the DevSkim package reference to your project's .csproj file.

```xml
```

--------------------------------

### DevSkim Analysis Using Custom Rules with Defaults

Source: https://context7.com/microsoft/devskim/llms.txt

Analyzes a source directory using both custom rules and the default rule set, saving results to a SARIF file. This approach extends the default security checks with project-specific rules.

```bash
devskim analyze -I /path/to/project/src/ -r /my/custom/rules/ -O results.sarif
```

--------------------------------

### Full Set of DevSkim Configuration Options

Source: https://github.com/microsoft/devskim/wiki/Analyze-Command

This JSON object details all configurable options for DevSkim analysis, including default values for various settings like rule management, output, severities, and file globbing.
```json
{
  "LanguageRuleIgnoreMap": {},
  "OutputFile": "",
  "Rules": [],
  "RuleIds": [],
  "IgnoreRuleIds": [],
  "LanguagesPath": "",
  "CommentsPath": "",
  "OutputTextFormat": "",
  "OutputFileFormat": "",
  "Severities": [ "Critical", "Important", "Moderate", "BestPractice", "ManualReview" ],
  "Confidences": [ "High", "Medium" ],
  "Globs": [ "**/.git/**", "**/bin/**" ],
  "DisableSuppression": false,
  "DisableParallel": false,
  "IgnoreDefaultRules": false,
  "CrawlArchives": false,
  "ExitCodeIsNumIssues": false,
  "BasePath": "",
  "AbsolutePaths": false,
  "RespectGitIgnore": false,
  "SkipExcerpts": false,
  "ConsoleVerbosityLevel": "Information",
  "DisableConsoleOutput": false,
  "LogFileLevel": "Error",
  "LogFilePath": null
}
```

--------------------------------

### Navigate to DevSkim VS Code Plugin Folder

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Change directory to the DevSkim VS Code plugin folder.

```bash
cd DevSkim\DevSkim-VsCode-Plugin
```

--------------------------------

### Navigate to DevSkim Visual Studio Extension Folder

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Change directory to the specific folder for the Visual Studio extension.

```bash
cd DevSkim\DevSkim-DotNet\Microsoft.DevSkim.VisualStudio
```

--------------------------------

### Scan and Output Results to File

Source: https://github.com/microsoft/devskim/wiki/Analyze-Command

Scan a project and save the results to a file. The default output format is Sarif, but text format can be specified with `-f text`.

```console
# Scan and output Sarif
devskim analyze -I /home/user/myproject results.sarif
```

```console
# simple output to a file (text)
devskim analyze /home/user/myproject results.txt -f text
```

--------------------------------

### Configure DevSkim Analysis with JSON Options

Source: https://github.com/microsoft/devskim/wiki/Analyze-Command

Use a JSON file to configure DevSkim analysis options, such as ignoring specific globs or rules for certain languages.
Command-line options override JSON settings.

```json
{
  "Globs": [ "*.contoso" ],
  "LanguageRuleIgnoreMap": {
    "csharp": [ "DS123456789" ]
  }
}
```

--------------------------------

### Build DevSkim Extension

Source: https://github.com/microsoft/devskim/blob/main/DevSkim-VSCode-Plugin/README.md

Build the vsix extension directly using npm. This command is used to package the extension for distribution.

```bash
npm run pack-ext
```

--------------------------------

### DevSkimRuleProcessor Usage

Source: https://context7.com/microsoft/devskim/llms.txt

Demonstrates how to use DevSkimRuleProcessor to analyze file content, identify issues, and apply fixes.

```APIDOC
## DevSkimRuleProcessor

Applies a `DevSkimRuleSet` to file content and returns `Issue` objects describing each finding, including its location, rule metadata, confidence, and available fixes. It also exposes static helpers for applying fixes and generating suppression comments.

### Usage Example

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Microsoft.DevSkim;
using Microsoft.ApplicationInspector.RulesEngine;

// 1. Build a rule set
DevSkimRuleSet rules = DevSkimRuleSet.GetDefaultRuleSet();

// 2. Configure processor options
DevSkimRuleProcessorOptions opts = new DevSkimRuleProcessorOptions
{
    EnableSuppressions = true, // Honor DevSkim: ignore comments
    ConfidenceFilter = Confidence.High | Confidence.Medium
};

// 3. Create the processor
DevSkimRuleProcessor processor = new DevSkimRuleProcessor(rules, opts);

// 4. Analyze a file
string content = File.ReadAllText("crypto/hashing.cs");
IEnumerable<Issue> issues = processor.Analyze(content, "crypto/hashing.cs");

// 5. Inspect results
foreach (Issue issue in issues)
{
    Console.WriteLine($"[{issue.Rule.Severity}] {issue.Rule.Name} (ID: {issue.Rule.Id})");
    Console.WriteLine($" Location: line {issue.StartLocation.Line}, col {issue.StartLocation.Column}");
    Console.WriteLine($" Recommendation: {issue.Rule.Recommendation}");

    // 6. Check and apply available fixes
    if (issue.Rule.Fixes?.Any() == true)
    {
        string line = content.Split('\n')[issue.StartLocation.Line - 1];
        foreach (CodeFix fix in issue.Rule.Fixes)
        {
            if (DevSkimRuleProcessor.IsFixable(line, fix))
            {
                string fixedLine = DevSkimRuleProcessor.Fix(line, fix) ?? line;
                Console.WriteLine($" Fix '{fix.Name}': {line.Trim()} => {fixedLine.Trim()}");
            }
        }
    }
}

// 7. Generate suppression comment for a specific rule in C#
string suppression = DevSkimRuleProcessor.GenerateSuppressionByFileName(
    fileName: "crypto/hashing.cs",
    rulesId: "DS168931",
    preferMultiLine: false,
    duration: 30,
    reviewerName: "security-team"
);
// => "// DevSkim: ignore DS168931 until 2025-09-01 by security-team"
Console.WriteLine(suppression);
```
```

--------------------------------

### DevSkim Analysis with JSON Configuration File

Source: https://context7.com/microsoft/devskim/llms.txt

Executes the DevSkim analysis command using a JSON configuration file for persistent and reusable settings. Command-line arguments will override settings in this file.

```bash
devskim analyze -I /path/to/project/src/ --options-json devskim-options.json
```

--------------------------------

### DevSkim Analysis Using Only Custom Rules

Source: https://context7.com/microsoft/devskim/llms.txt

Scans a source directory using only custom rules defined in a specified directory, ignoring all built-in default rules. This allows for a completely customized security policy.

```bash
devskim analyze -I /path/to/project/src/ -r /my/custom/rules/ --ignore-default-rules
```

--------------------------------

### Verify DevSkim Rule Files

Source: https://context7.com/microsoft/devskim/llms.txt

Use `devskim verify` to check rule files for syntax correctness and run embedded self-tests. This is essential when authoring or modifying custom rules.
```bash
# Verify all rules in a directory
devskim verify -r /path/to/my/rules/
```

```bash
# Verify a single rule file
devskim verify -r /path/to/my/rules/my_custom_rule.json
```

```bash
# Verify with custom language and comment definition files
devskim verify -r /path/to/my/rules/ \
  --languages /path/to/my/rules/languages.json \
  --comments /path/to/my/rules/comments.json
```

```bash
# Verbose output for debugging rule failures
devskim verify -r /path/to/my/rules/ -x Verbose
```

--------------------------------

### Build Visual Studio Extension using msbuild

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Build the Visual Studio extension project using msbuild, ensuring dependencies are restored.

```bash
msbuild Microsoft.DevSkim.VisualStudio.csproj -restore
```

--------------------------------

### Apply Custom DevSkim Rules

Source: https://context7.com/microsoft/devskim/llms.txt

Layer custom rules onto the default DevSkim ruleset using the `-r` flag. This allows for domain-specific security requirements.

```shell
devskim analyze -r
```

--------------------------------

### Clone DevSkim Repository

Source: https://github.com/microsoft/devskim/wiki/Build-from-Source

Clone the DevSkim repository from GitHub to your local machine.

```bash
git clone https://github.com/microsoft/DevSkim.git
```

--------------------------------

### Verify Custom DevSkim Rules

Source: https://context7.com/microsoft/devskim/llms.txt

Validate custom security rules written in JSON format using the `devskim verify` command. This command checks the rules against provided test cases.

```shell
devskim verify
```

--------------------------------

### Analyze and Fix Code with DevSkim CLI

Source: https://context7.com/microsoft/devskim/llms.txt

Use `devskim analyze` to generate a SARIF file and `devskim fix` to apply automatic code fixes based on the SARIF results. Use `--dry-run` to preview changes without modifying files.
```bash
# Analyze first, produce a SARIF
devskim analyze -I /path/to/project/src/ -O results.sarif
```

```bash
# Apply all fixes described in the SARIF
devskim fix -I /path/to/project/src/ -O results.sarif --all
```

```bash
# Preview only — do not modify files
devskim fix -I /path/to/project/src/ -O results.sarif --all --dry-run
```

```bash
# Apply fixes only for specific rule IDs
devskim fix -I /path/to/project/src/ -O results.sarif --rules DS126858,DS197800
```

```bash
# Apply fixes to specific files only
devskim fix -I /path/to/project/src/ -O results.sarif \
  --files "src/crypto/hashing.cs,src/auth/login.py"
```

--------------------------------

### DevSkim Analysis with SARIF File Output

Source: https://context7.com/microsoft/devskim/llms.txt

Scans a source directory and saves the security analysis results in SARIF format to a specified file. This is useful for storing scan results for later review or integration with other tools.

```bash
devskim analyze -I /path/to/project/src/ -O results.sarif
```

--------------------------------

### DevSkim Suppress Command Syntax

Source: https://github.com/microsoft/devskim/wiki/Suppress-Command

Displays the usage syntax for the devskim suppress command, outlining its arguments and available options for controlling suppression behavior.

```console
Usage: devskim suppress [arguments] [options]

Arguments:
  -I, --source-code         Required. Path to the parent directory containing the source code that was scanned to produce the sarif.
  -O, --sarif-result        Required. Filename for the output sarif from DevSkim Analyze.

Options:
  --dry-run                 Print information about files that would be changed without changing them.
  --all                     Apply all ignores.
  --files                   Comma separated list of paths to apply ignore to.
  --rules                   Comma separated list of rules to apply ignore for.
  --prefer-multiline        Prefer using multi-line formatted suppression comments. (Default: false)
  --duration                Optional duration for suppressions in days from current system time. (Default: 0)
  --languages               Path to custom json formatted Language file to specify languages. When specified, --comments must also be specified.
  --comments                Path to custom json formatted Comments file to specify comments. When specified, --languages must also be specified.
  --reviewer                Set an optional reviewer name to be associated with added suppressions.
  -x, --console-verbosity   Console verbosity [Verbose|Debug|Information|Warning|Error|Fatal]. (Default: Information)
  --disable-console         Disable console output of logging messages. (Default: false)
  -v, --log-file-level      Log file level [Verbose|Debug|Information|Warning|Error|Fatal]. (Default: Error)
  -l, --log-file-path       Log file path. If not set, will not log to file.
  --help                    Show help information.
  --version                 Display version information.
```

--------------------------------

### DevSkim Verbose Logging to File

Source: https://context7.com/microsoft/devskim/llms.txt

Runs a security scan with verbose logging enabled, directing both the scan output to a SARIF file and detailed debug logs to a specified file. Use this for in-depth troubleshooting of scan issues.

```bash
devskim analyze -I /path/to/project/src/ -O results.sarif \
  -x Verbose -l /tmp/devskim.log -v Debug
```

--------------------------------

### DevSkim CLI Input/Output Parameter Change

Source: https://github.com/microsoft/devskim/blob/main/Changelog.md

Illustrates the change in how input and output files are specified for the DevSkim CLI. The new syntax uses named parameters (-I/--source-code and -O/--output-file) instead of positional parameters.

```bash
Old: devskim analyze path/to/src path/to/output.sarif -f sarif
```

```bash
New: devskim analyze -I path/to/src -O path/to/out.sarif
```

--------------------------------

### Add DevSkim NuGet Package to .csproj

Source: https://context7.com/microsoft/devskim/llms.txt

XML snippet to add the DevSkim NuGet package as a dependency in a .csproj file.
```xml
```

--------------------------------

### Analyze File Content with DevSkimRuleProcessor

Source: https://context7.com/microsoft/devskim/llms.txt

Applies a DevSkimRuleSet to file content to find potential security issues. Configure options like enabling suppressions and filtering by confidence level. Inspect results and apply available code fixes.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Microsoft.DevSkim;
using Microsoft.ApplicationInspector.RulesEngine;

// 1. Build a rule set
DevSkimRuleSet rules = DevSkimRuleSet.GetDefaultRuleSet();

// 2. Configure processor options
DevSkimRuleProcessorOptions opts = new DevSkimRuleProcessorOptions
{
    EnableSuppressions = true, // Honor DevSkim: ignore comments
    ConfidenceFilter = Confidence.High | Confidence.Medium
};

// 3. Create the processor
DevSkimRuleProcessor processor = new DevSkimRuleProcessor(rules, opts);

// 4. Analyze a file
string content = File.ReadAllText("crypto/hashing.cs");
IEnumerable<Issue> issues = processor.Analyze(content, "crypto/hashing.cs");

// 5. Inspect results
foreach (Issue issue in issues)
{
    Console.WriteLine($"[{issue.Rule.Severity}] {issue.Rule.Name} (ID: {issue.Rule.Id})");
    Console.WriteLine($" Location: line {issue.StartLocation.Line}, col {issue.StartLocation.Column}");
    Console.WriteLine($" Recommendation: {issue.Rule.Recommendation}");

    // 6. Check and apply available fixes
    if (issue.Rule.Fixes?.Any() == true)
    {
        string line = content.Split('\n')[issue.StartLocation.Line - 1];
        foreach (CodeFix fix in issue.Rule.Fixes)
        {
            if (DevSkimRuleProcessor.IsFixable(line, fix))
            {
                string fixedLine = DevSkimRuleProcessor.Fix(line, fix) ?? line;
                Console.WriteLine($" Fix '{fix.Name}': {line.Trim()} => {fixedLine.Trim()}");
            }
        }
    }
}

// 7. Generate suppression comment for a specific rule in C#
string suppression = DevSkimRuleProcessor.GenerateSuppressionByFileName(
    fileName: "crypto/hashing.cs",
    rulesId: "DS168931",
    preferMultiLine: false,
    duration: 30,
    reviewerName: "security-team"
);
// => "// DevSkim: ignore DS168931 until 2025-09-01 by security-team"
Console.WriteLine(suppression);
```

--------------------------------

### Manage DevSkim Rules with .NET Library

Source: https://context7.com/microsoft/devskim/llms.txt

Use the `DevSkimRuleSet` class in .NET to load rules from default embedded sets, custom files, or directories. Supports filtering rules by confidence level or specific IDs.

```csharp
using Microsoft.DevSkim;
using Microsoft.ApplicationInspector.RulesEngine;

// Load default embedded rules
DevSkimRuleSet defaultRules = DevSkimRuleSet.GetDefaultRuleSet();

// Load custom rules from a directory
DevSkimRuleSet customRules = new DevSkimRuleSet();
customRules.AddDirectory("/path/to/my/rules");

// Combine default + custom rules
DevSkimRuleSet combined = DevSkimRuleSet.GetDefaultRuleSet();
combined.AddDirectory("/path/to/my/rules");

// Filter to only High-confidence rules
DevSkimRuleSet highConfidence = combined.WithConfidenceFilter(Confidence.High);

// Restrict to specific rule IDs
DevSkimRuleSet targeted = combined.WithIds(new[] { "DS126858", "DS197800" });

// Exclude specific rule IDs
DevSkimRuleSet filtered = combined.WithoutIds(new[] { "DS197836" });
```