Microsoft has recently announced an open-source application software source code analysis tool, Application Inspector. Modern software development practices often require building applications from hundreds of existing components, whether they were written by another team in the organization, an external vendor, or someone in the open-source community. Although this will bring many benefits, such as faster development progress, software quality, and interoperability, etc., it will also bring hidden complexity and risks.
In response to this situation, Microsoft introduced that its internally used tool is Application Inspector, which is a software feature source code analyzer. It can identify software source code features by using static analysis and a customizable json-based rule engine to understand the function of the program.
In the following example, the Application Inspector recognizes the following features:
The Application Inspector includes a filterable confidence indicator to help minimize false positive matches and customizable default rule and condition matching logic, with hundreds of feature detection modes, covering many popular programming languages, It also provides good support for the following types of features:
- Application frameworks (development, testing)
- Cloud / Service APIs (Microsoft Azure, Amazon AWS, and Google Cloud Platform)
- Cryptography (symmetric, asymmetric, hashing, and TLS)
- Data types (sensitive, personally identifiable information)
- Operating system functions (platform identification, file system, registry, and user accounts)
- Security features (authentication and authorization)
You can download the Application Inspector here.