Microsoft has published on GitHub, a platform it owns, a code analysis tool created to help you understand exactly what a piece of source code does. This could have interesting security applications, such as finding out whether the code contains unwanted functions that would be difficult to spot without meticulously reviewing the source of the program or service you are going to use.
With Microsoft Application Inspector, as the tool written on .NET Core has been called, you will be able to examine millions of lines of code in very little time. A final report will show you the information you need to judge whether the code could involve security risks or has functions that are not desired. In addition, it is compatible with a large number of programming languages, which gives it broad coverage.
One of the advantages of Microsoft Application Inspector is closely related to detecting security threats in the source code of open source applications and services. But the company says its functions go beyond that: for example, identifying important changes in the code, new features that have been implemented, etc.
Microsoft has also detailed the reason for launching this tool: to help customers deal with the inherent risks of relying on open source software by detecting threats, interesting features, and metadata that is hard to identify manually. However, they forget that there is something with more inherent risk than relying on open source software, and that is relying on proprietary or closed source software and services, like many Microsoft products.
Be that as it may, Microsoft Application Inspector can be interesting for many companies that use open source, allowing them to automatically analyze the code of everything they want to use to determine that it is reliable, as well as to know exactly what it does. For example, some companies contribute to open source projects that they then use for their services, but the company has probably only provided a few lines or touch-ups in certain parts, and still doesn't know what the rest of the code does. This is where it could help ...