Skip to main content
Version: Current

Core Security

Production Ready v2.4.9

This module is production-ready. Static analysis runs via 62 Roslyn analyzers at scan time via scanner.ScanAsync() — not at build time. Dependency scanning uses the live OSV.dev API; no local CVE database required for basic CVE scanning.

Overview

Core Security provides local-first scanning for .NET applications:

  • Secret detection and content scanning.
  • Dependency vulnerability scanning when a local CVE database is present.
  • Roslyn analyzers for common OWASP patterns (runs at build/CI time, not via ScanAsync).
  • Optional policy validation against scan results.

No external network calls are made by default. Any outbound integration depends on how you configure your own app.

Integration Guide

Step 1: Install the package

dotnet add package PrimusSaaS.Security

Step 2: Configure Program.cs

using PrimusSaaS.Security;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddPrimusSecurity(options =>
builder.Configuration.GetSection("PrimusSecurity").Bind(options));

var app = builder.Build();

Step 3: Configure appsettings.json

{
"PrimusSecurity": {
"EnableStaticAnalysis": true,
"EnableDependencyScanning": true,
"EnableSecretDetection": true,
"EnablePolicyValidation": true,
"FailOnCritical": false
}
}
Optional configuration fields
  • CveDatabasePath — path to a local SQLite CVE database for offline CVE scanning. Not required — by default, dependency scanning uses the live OSV.dev API with no configuration.
  • PoliciesPath — directory containing custom policy rule files (JSON).
  • ComplianceStandards — list used for internal report mapping only (["OWASP", "PCI-DSS"]). Does not certify compliance.
  • DataPath, FindingsPath, ReportsPath — local filesystem paths for persisted output. Optional.

Step 4: Configure endpoint

Map the built-in security endpoints:

app.MapPrimusSecurityEndpoints();
app.Run();

This exposes:

  • POST /api/security/scan
  • POST /api/security/detect-secrets
  • GET /api/security/status

Step 5: Test the endpoint

curl http://localhost:5000/api/security/status
curl -X POST http://localhost:5000/api/security/scan \
-H "Content-Type: application/json" \
-d '{ "path": "./" }'