Getting Started
Get security scanning working in your .NET API in under 5 minutes.
Complete Data Isolation
Primus Security runs entirely within your application. No code, secrets, or scan results are ever transmitted to external servers. All scanning happens locally.
1. Install Package
dotnet add package PrimusSaaS.Security
Build from source
If installing from NuGet fails or you need the latest unreleased build:
git clone https://github.com/primussoft/Primus-SaaS-Framework.git
cd Primus-SaaS-Framework
dotnet pack sdk/dotnet/src/PrimusSaaS.Security/PrimusSaaS.Security.csproj -c Release -o ./nupkg
dotnet pack sdk/dotnet/src/PrimusSaaS.Security.Contracts/PrimusSaaS.Security.Contracts.csproj -c Release -o ./nupkg
dotnet nuget add source ./nupkg --name primus-local
dotnet add package PrimusSaaS.Security --source primus-local
2. Add Using Statement
using PrimusSaaS.Security;
using PrimusSaaS.Security.Core;
3. Register in Program.cs
var builder = WebApplication.CreateBuilder(args);
// Add Primus Security
builder.Services.AddPrimusSecurity(opts =>
{
builder.Configuration.GetSection("PrimusSecurity").Bind(opts);
opts.EnableSecretDetection = true;
opts.EnableDependencyScanning = true;
opts.EnableStaticAnalysis = true;
});
var app = builder.Build();
app.MapControllers();
// Expose built-in security endpoints:
// GET /api/security/status
// POST /api/security/scan
// POST /api/security/detect-secrets
app.MapPrimusSecurityEndpoints();
app.Run();
4. Configure appsettings.json
{
"PrimusSecurity": {
"EnableSecretDetection": true,
"EnableDependencyScanning": true,
"EnableStaticAnalysis": true,
"EnablePolicyValidation": true,
"FailOnCritical": false,
"CveDatabasePath": "data/cve-database.db"
}
}
5. Add Security Controller (Optional)
For API-based scanning, add a controller:
[ApiController]
[Route("api/[controller]")]
public class SecurityController : ControllerBase
{
private readonly ISecurityScanner _scanner;
public SecurityController(ISecurityScanner scanner)
{
_scanner = scanner;
}
[HttpPost("scan")]
public async Task<IActionResult> Scan([FromBody] ScanRequest request)
{
var result = await _scanner.ScanAsync(request.Path);
return Ok(result);
}
[HttpPost("detect-secrets")]
public async Task<IActionResult> DetectSecrets([FromBody] DetectSecretsRequest request)
{
var result = await _scanner.ScanContentAsync(request.Content, request.FileName);
return Ok(result);
}
}
6. Test It
# Start your API
dotnet run
# Test security status
curl http://localhost:5000/api/security/status
# Test secret detection (AWS Access Key ID format)
curl -X POST http://localhost:5000/api/security/detect-secrets \
-H "Content-Type: application/json" \
-d '{"content": "aws_access_key_id = AKIAIOSFODNN7EXAMPLE", "fileName": "credentials"}'
Notes:
contentis required. Empty or missing content returns HTTP 400.
Expected Response:
{
"scanId": "...",
"findings": [
{
"ruleId": "PS-SEC-003",
"severity": "Critical",
"title": "Hardcoded Secret Detected",
"line": 1
}
],
"passed": false
}
That's It!
You now have security scanning running locally. Your API can:
- Detect hardcoded secrets (AWS, Azure, Stripe, etc.)
- Scan dependencies for CVE vulnerabilities
- Enforce security policies
- Generate PDF/HTML reports
Next Steps
| Want to... | See Guide |
|---|---|
| Configure secret patterns | Secret Detection |
| Set up CVE database | Dependency Scanning |
| Enforce policies | Policy Engine |
| Generate reports | Enterprise Reporting |
| Add to CI/CD | CI/CD Integration |