Security Overview
The Primus Security suite provides local-first scanning, optional AI helpers, and report formatters for .NET applications. Version 2.2.0 — all 8 roadmap phases complete.
No Java, no PostgreSQL, no server process. Add one NuGet package and call services.AddPrimusSecurity(). It runs fully offline and is air-gap safe.
What's included
| Capability | Detail |
|---|---|
| 60 Roslyn SAST analyzers | PS0001–PS0062 (all unique), OWASP Top 10 2021, CWE Top 25 |
| 67-entry rule catalog | Every rule has what/why/howToFix, before/after code examples |
| Cross-file taint analysis | Follows taint across Controller → Service → Repository up to 5 hops |
| 100 secret patterns | AWS, GitHub, Azure, Stripe, Kubernetes, JWT, PEM, and more |
| A–E security ratings | SonarQube Developer Edition parity on ScanResult.Ratings |
| Code duplication detection | Token-based Rabin-Karp, --duplication CLI flag |
| SARIF 2.1.0 export | GitHub Advanced Security + Azure DevOps compatible |
| OWASP Top 10 2021 report | Free — Enterprise-only in SonarQube |
| Persistent suppression store | .primus-suppressions.json with full audit trail |
| Quality gates | Per-severity thresholds, baseline delta, configurable presets |
| MCP server | 4 AI tools for Claude Desktop, VS Code Copilot, Cursor |
| VS Code extension | Real-time panel, inline diagnostics, one-click patches |
| CLI: primus-scan | dotnet tool install -g PrimusSaaS.Security.Cli |
Available Packages
Core Security
PrimusSaaS.Security v2.2.0
60 Roslyn SAST analyzers, cross-file taint, secret detection, quality gates, A-E ratings, code duplication.
Security Reporting
PrimusSaaS.Security.Reporting v2.2.0
SARIF 2.1.0, OWASP Top 10 report, PDF/HTML/CSV/JSON formatters, branded HTML reports.
AI Security (Preview)
PrimusSaaS.Security.AI v2.2.0
Heuristic AI endpoints plus remediation agent.
Quick start
```bash
dotnet add package PrimusSaaS.Security
```

```csharp
builder.Services.AddPrimusSecurity(opts =>
{
    opts.QualityGate.MaxCritical = 0;
    opts.EnableDuplicationDetection = true;
});
```
See Getting Started for a complete 5-minute walkthrough.
VS Code Extension
Install primus-security-1.0.0.vsix for real-time findings inline in your editor.
See the VS Code Extension guide.