Microsoft announced a source code analyzer called Microsoft Application Inspector that can help developers identify “interesting” features and metadata.
The tool is a cross-platform CLI that can produce output in multiple formats including JSON and interactive HTML.
Application Inspector can help identify high-risk components and unexpected features that require additional scrutiny under the theory that a vulnerability in a component that is involved in cryptography, authentication, or deserialization would likely have higher impact than others.
“Application Inspector differs from more typical static analysis tools in that it isn’t limited to detecting poor programming practices; rather, it surfaces interesting characteristics in the code that would otherwise be time-consuming or difficult to identify through manual introspection. It then simply reports what’s there, without judgement,” Microsoft said in a post.
Application Inspector comes with feature detection patterns with good support for application frameworks, cloud and service APIs, cryptography, different data types, operating system functions, and security features.
The full details on the tool are available here.