Skip to main content

C# Support

Skylos analyzes C# source with lightweight symbol extraction for dead code and selected security checks. It is designed to make .cs files visible in the normal Skylos workflow without requiring MSBuild, Roslyn, or the .NET SDK.

File Coverage

AreaSupport
Extensions.cs
Dead codeClasses, methods, and direct references
SecuritySelected ASP.NET/request input to process, SQL, HTTP, redirect, and filesystem sinks
QualityNo dedicated C# quality rules yet

Dead Code Detection

C# analysis recognizes class and method declarations, imports, and direct method references. Findings are normalized into the same report shape as other languages, so C# files appear in CLI, JSON, SARIF, MCP, and Cloud output.

skylos .

Security Scope

C# security checks track request-like or user-controlled values into selected high-risk sinks:

  • process execution such as Process.Start and ProcessStartInfo
  • SQL command construction such as SqlCommand, DbCommand, and raw SQL APIs
  • HTTP requests such as HttpClient.GetAsync, SendAsync, and WebRequest
  • filesystem APIs under File and Directory
  • ASP.NET redirect sinks
skylos . --danger

Limitations

C# support is intentionally lightweight today. Skylos does not run MSBuild, Roslyn analyzers, NuGet restore, or .NET type resolution. Use dotnet build, dotnet test, Roslyn analyzers, and project-specific security checks alongside Skylos when you need compiler-level validation.