Getting Started
Get security scanning working in your .NET API in under 5 minutes.
Complete Data Isolation
Primus Security runs entirely within your application. No code, secrets, or scan results are ever transmitted to external servers. All scanning happens locally.
1. Install Package
```bash
dotnet add package PrimusSaaS.Security
```
2. Add Using Statement
```csharp
using PrimusSaaS.Security;
using PrimusSaaS.Security.Core;
```
3. Register in Program.cs
```csharp
var builder = WebApplication.CreateBuilder(args);

// Required by app.MapControllers() below; skip if your app already registers controllers
builder.Services.AddControllers();

// Add Primus Security
builder.Services.AddPrimusSecurity(opts =>
{
    // Load settings from the "PrimusSecurity" section of appsettings.json
    builder.Configuration.GetSection("PrimusSecurity").Bind(opts);

    // Assignments made after Bind() override the values from configuration
    opts.EnableSecretDetection = true;
    opts.EnableDependencyScanning = true;
    opts.EnableStaticAnalysis = true;
});

var app = builder.Build();

// Verify data isolation on startup (optional)
var verification = PrimusSecurityExtensions.VerifyDataIsolation();
if (!verification.IsFullyIsolated)
{
    Console.WriteLine("Warning: Security module not fully isolated");
}

app.MapControllers();
app.Run();
```
4. Configure appsettings.json
```json
{
  "PrimusSecurity": {
    "EnableSecretDetection": true,
    "EnableDependencyScanning": true,
    "EnableStaticAnalysis": true,
    "EnablePolicyValidation": true,
    "FailOnCritical": false,
    "CveDatabasePath": "data/cve-database.db"
  }
}
```
5. Add Security Controller (Optional)
For API-based scanning, add a controller:
```csharp
[ApiController]
[Route("api/[controller]")]
public class SecurityController : ControllerBase
{
    private readonly ISecurityScanner _scanner;

    public SecurityController(ISecurityScanner scanner)
    {
        _scanner = scanner;
    }

    [HttpPost("scan")]
    public async Task<IActionResult> Scan([FromBody] ScanRequest request)
    {
        var result = await _scanner.ScanAsync(request.Path);
        return Ok(result);
    }

    [HttpPost("detect-secrets")]
    public async Task<IActionResult> DetectSecrets([FromBody] DetectSecretsRequest request)
    {
        var result = await _scanner.ScanContentAsync(request.Content, request.FileName);
        return Ok(result);
    }
}
```
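The controller above hands a caller-supplied path straight to the scanner and exposes both endpoints without authentication. A hardened variant to use in its place, added here as an example and not code from the Primus Security package: it assumes authentication is already configured in the app, that `ScanRequest.Path`, `DetectSecretsRequest.Content` and `FileName` are strings as used above, and a hypothetical `PrimusSecurity:ScanRoot` configuration key naming the only directory callers may scan.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using PrimusSaaS.Security;
using PrimusSaaS.Security.Core;

[ApiController]
[Authorize] // assumption: authentication/authorization is set up in Program.cs
[Route("api/[controller]")]
public class SecurityController : ControllerBase
{
    private readonly ISecurityScanner _scanner;
    private readonly string _scanRoot;

    public SecurityController(ISecurityScanner scanner, IConfiguration config)
    {
        _scanner = scanner;
        // "PrimusSecurity:ScanRoot" is a hypothetical key for this example, not a package option.
        var root = config["PrimusSecurity:ScanRoot"] ?? Directory.GetCurrentDirectory();
        _scanRoot = Path.TrimEndingDirectorySeparator(Path.GetFullPath(root));
    }

    [HttpPost("scan")]
    public async Task<IActionResult> Scan([FromBody] ScanRequest request)
    {
        if (string.IsNullOrWhiteSpace(request.Path))
            return BadRequest("path is required");
        // Normalize ".." and relative segments against the root, then require
        // the resolved path to be the root itself or something beneath it.
        var full = Path.GetFullPath(request.Path, _scanRoot);
        var inside = full == _scanRoot ||
            full.StartsWith(_scanRoot + Path.DirectorySeparatorChar, StringComparison.Ordinal);
        if (!inside)
            return BadRequest("path must be inside the configured scan root");
        return Ok(await _scanner.ScanAsync(full));
    }

    [HttpPost("detect-secrets")]
    public async Task<IActionResult> DetectSecrets([FromBody] DetectSecretsRequest request)
    {
        // Reject empty or missing content explicitly with HTTP 400.
        if (string.IsNullOrEmpty(request.Content))
            return BadRequest("content is required");
        // Keep only the file name so it cannot carry directory components.
        var name = Path.GetFileName(request.FileName);
        return Ok(await _scanner.ScanContentAsync(request.Content, name));
    }
}
```

`Path.GetFullPath` normalizes `..` segments but does not resolve symbolic links, so keep the scan root free of links that point outside it.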
6. Test It
```bash
# Start your API
dotnet run

# Test security status
curl http://localhost:5000/api/security/status

# Test secret detection (AWS Access Key ID format)
curl -X POST http://localhost:5000/api/security/detect-secrets \
  -H "Content-Type: application/json" \
  -d '{"content": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE", "fileName": "credentials"}'
```
Notes:
- `content` is required. Empty or missing content returns HTTP 400.
Expected Response:
```json
{
  "scanId": "...",
  "findings": [
    {
      "ruleId": "SEC001",
      "severity": "Critical",
      "title": "Hardcoded Secret: AWS Access Key ID",
      "line": 1
    }
  ],
  "passed": false
}
```
That's It!
You now have security scanning running locally. Your API can:
- Detect hardcoded secrets (AWS, Azure, Stripe, etc.)
- Scan dependencies for CVE vulnerabilities
- Enforce security policies
- Generate PDF/HTML reports
Next Steps
| Want to... | See Guide |
|---|---|
| Configure secret patterns | Secret Detection |
| Set up CVE database | Dependency Scanning |
| Enforce policies | Policy Engine |
| Generate reports | Enterprise Reporting |
| Add to CI/CD | CI/CD Integration |