Microsoft: Application Inspector is now open source, so use it to test code security
Microsoft has released the Microsoft Application Inspector, a cross-platform open-source command-line tool that its engineers use to quickly probe third-party open-source software components for security issues.
The static source-code analyzer aims to help developers handle potential security issues that arise through code reuse when incorporating open-source components, such as software libraries, into a project.