Skip to main content
Version: 2026.04.0

PrimusSaaS.Security

Local-only security analysis with static code analysis, dependency scanning, secret detection, and compliance validation.

See also: Security Scanner Quick Start for a 5-minute setup guide.

Installation

dotnet add package PrimusSaaS.Security

Usage

Configure in Program.cs

using PrimusSaaS.Security;

builder.Services.AddPrimusSecurity(options =>
{
options.EnableStaticAnalysis = true;
options.EnableDependencyScanning = true;
options.EnableSecretDetection = true;
options.ComplianceStandards = new[] { "OWASP", "PCI-DSS" };
options.CveDatabasePath = "./SecurityData/cve-database.db";
});
CVE Database is Optional

The CveDatabasePath is only required if you enable EnableDependencyScanning. For secret detection and static analysis only, you can omit this setting. See CVE Database Setup Guide for details.

Verify Security on Startup

var app = builder.Build();

var report = PrimusSecurityExtensions.VerifyDataIsolation();
if (!report.IsFullyIsolated)
{
Console.WriteLine("⚠️ Security issues found!");
Console.WriteLine($"Module Version: {report.ModuleVersion}");
Console.WriteLine($"Scan Timestamp: {report.Timestamp}");
}

Security Status Endpoint

app.MapGet("/security-status", () => 
{
var scanReport = PrimusSecurityExtensions.VerifyDataIsolation();
return new
{
IsSecure = scanReport.IsFullyIsolated,
ModuleVersion = scanReport.ModuleVersion,
ScanTimestamp = scanReport.Timestamp
};
})
.RequireHost("localhost");

Configuration Options

OptionTypeDefaultDescription
EnableStaticAnalysisboolfalseScan code for SQL injection, XSS, etc.
EnableDependencyScanningboolfalseCheck NuGet packages for CVEs
EnableSecretDetectionboolfalseFind hardcoded API keys, passwords
ComplianceStandardsstring[][]Validate against OWASP, PCI-DSS
CveDatabasePathstringnullPath to CVE database file

What Gets Scanned

Static Analysis

  • SQL Injection vulnerabilities
  • Cross-Site Scripting (XSS)
  • Path traversal attacks
  • Command injection
  • Weak cryptography (MD5, SHA1)
  • Insecure deserialization

Secret Detection

  • API keys (Stripe, OpenAI, AWS, etc.)
  • Database passwords
  • JWT secrets
  • Encryption keys
  • OAuth tokens

Dependency Scanning

  • Known CVEs in NuGet packages
  • Outdated dependencies
  • Security advisories

Compliance Validation

  • OWASP Top 10
  • PCI-DSS requirements

API Reference

PrimusSecurityExtensions

VerifyDataIsolation()

Runs security scan and returns validation report.

Returns: DataIsolationReport

Properties:

  • IsFullyIsolated (bool) - True if no issues found
  • ModuleVersion (string) - Scanner version
  • Timestamp (DateTime) - Scan timestamp

Example:

var report = PrimusSecurityExtensions.VerifyDataIsolation();
Console.WriteLine($"Secure: {report.IsFullyIsolated}");

Data Isolation

Complete Data Isolation

The Security Scanner runs entirely within your application. No code, secrets, or scan results are ever transmitted to external servers. All analysis happens locally.

Next Steps

Want to...See Guide
Get started in 5 minutesQuick Start →
Fix hardcoded secretsSecure Configuration →
Integrate with CI/CDPipeline Integration →
Add authenticationIdentity Validator →