Real-Time Vulnerability Feedback in Visual Studio

UPDATE: There is a Visual Studio Extension for O2's C# REPL Script Environment available from the Visual Studio Gallery

A key concept of making security invisible to developers is to create an environment where 'most of the time' they don't have to care about security, and the only time they need to pay attention is when they create a security vulnerability.

Here is a PoC of what the developer's experience should be: 


The key technologies used to create this are:
  • O2 Platform - glues it all together and provides the REPL script environment
  • Roslyn - code compilation (by Microsoft)
  • Cat.NET - SAST security scanner (by Microsoft)

Here are a number of posts and videos on this topic: