PrimusSaaS.Security
Local-only security analysis with static code analysis, dependency scanning, secret detection, and compliance validation.
See also: Security Scanner Quick Start for a 5-minute setup guide.
Installation
dotnet add package PrimusSaaS.Security
Usage
Configure in Program.cs
using PrimusSaaS.Security;
builder.Services.AddPrimusSecurity(options =>
{
options.EnableStaticAnalysis = true;
options.EnableDependencyScanning = true;
options.EnableSecretDetection = true;
options.ComplianceStandards = new[] { "OWASP", "PCI-DSS" };
options.CveDatabasePath = "./SecurityData/cve-database.db";
});
CVE Database is Optional
The CveDatabasePath is only required if you enable EnableDependencyScanning. For secret detection and static analysis only, you can omit this setting. See CVE Database Setup Guide for details.
Verify Security on Startup
var app = builder.Build();
var report = PrimusSecurityExtensions.VerifyDataIsolation();
if (!report.IsFullyIsolated)
{
Console.WriteLine("⚠️ Security issues found!");
Console.WriteLine($"Module Version: {report.ModuleVersion}");
Console.WriteLine($"Scan Timestamp: {report.Timestamp}");
}
Security Status Endpoint
app.MapGet("/security-status", () =>
{
var scanReport = PrimusSecurityExtensions.VerifyDataIsolation();
return new
{
IsSecure = scanReport.IsFullyIsolated,
ModuleVersion = scanReport.ModuleVersion,
ScanTimestamp = scanReport.Timestamp
};
})
.RequireHost("localhost");
Configuration Options
| Option | Type | Default | Description |
|---|---|---|---|
EnableStaticAnalysis | bool | false | Scan code for SQL injection, XSS, etc. |
EnableDependencyScanning | bool | false | Check NuGet packages for CVEs |
EnableSecretDetection | bool | false | Find hardcoded API keys, passwords |
ComplianceStandards | string[] | [] | Validate against OWASP, PCI-DSS |
CveDatabasePath | string | null | Path to CVE database file |
What Gets Scanned
Static Analysis
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS)
- Path traversal attacks
- Command injection
- Weak cryptography (MD5, SHA1)
- Insecure deserialization
Secret Detection
- API keys (Stripe, OpenAI, AWS, etc.)
- Database passwords
- JWT secrets
- Encryption keys
- OAuth tokens
Dependency Scanning
- Known CVEs in NuGet packages
- Outdated dependencies
- Security advisories
Compliance Validation
- OWASP Top 10
- PCI-DSS requirements
API Reference
PrimusSecurityExtensions
VerifyDataIsolation()
Runs security scan and returns validation report.
Returns: DataIsolationReport
Properties:
IsFullyIsolated(bool) - True if no issues foundModuleVersion(string) - Scanner versionTimestamp(DateTime) - Scan timestamp
Example:
var report = PrimusSecurityExtensions.VerifyDataIsolation();
Console.WriteLine($"Secure: {report.IsFullyIsolated}");
Data Isolation
Complete Data Isolation
The Security Scanner runs entirely within your application. No code, secrets, or scan results are ever transmitted to external servers. All analysis happens locally.
Next Steps
| Want to... | See Guide |
|---|---|
| Get started in 5 minutes | Quick Start → |
| Fix hardcoded secrets | Secure Configuration → |
| Integrate with CI/CD | Pipeline Integration → |
| Add authentication | Identity Validator → |