Today, Microsoft released a free and open-source tool that its developers use to analyze source code for potential security threats. The tool, dubbed Microsoft Application Inspector, is intended to help developers by highlighting security issues when they reuse open-source components such as libraries.
Microsoft Application Inspector also helps in identifying interesting features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on.
According to Microsoft, what makes Application Inspector different from other static analysis tools is that it isn’t limited to detecting poor programming practices. Instead, it aims to highlight interesting characteristics in code that are otherwise difficult to notice with manual inspection.
Use cases of Microsoft Application Inspector
Microsoft mentions the following use cases of its new code analyzer tool:
- Identifying key changes made to a component’s features over time, which can reveal a potential malicious backdoor or an increased attack surface.
- Identifying and scrutinizing high-risk components and components with unexpected features.
Using Microsoft Application Inspector is fairly easy as it is a cross-platform, command-line tool that produces output in multiple formats such as JSON and interactive HTML.
Since it is an open-source tool, you can download Microsoft Application Inspector from GitHub.