Monday, 25 June 2012

Enabling CAT.Net to work with Visual Studio 2010

Microsoft recommends using their CAT.Net Security Code Analysis tool as part of the SDL (Software Development Process). Unfortunately, latest released version is CAT.Net v1 CTP. There was CAT.Net 2.0 Beta but it disappeared even from Microsoft's sites due to some incompatibility or missing libraries (where??).

What is left of CAT.Net 2.0 for the community is this video on Channel 9.

CAT.Net 1.0 doesn't work with Visual Studio 2010 unless you manually alter (hack) its config file a little. See below.

  1. Close Visual Studio 2010 IDE
  2. Find this file: %APPDATA%\Microsoft\MSEnvShared\Addins\Microsoft.ACESec.CATNet.AddIn
  3. Edit it in your preferred text editor, adding the line <Version>10.0</Version> right after <Version>9.0</Version>
  4. Open IDE again. Go to Tools->CAT.Net Code Analysis

Hope it helps.

P.S.: there is some information on how to use CAT.Net and OWASP O2 Platform along with Roslyn compiler outside of the IDE. It is all on Dinis Cruz blog.

Update 1: Found a blog post from April 2011 which says this:
At this point in time we are accepting recommendations, suggestions and new features.  However, we do not have any planned updates for the remainder of the fiscal year.  We are going through our FY12 planning and CAT.NET is on the list of requests for next year.  We will know by the end of June if funding has be approved.  At that time we’ll notify people of the budgetary decisions. 

No comments:

Post a Comment