ShiftLeft products support applications written in C# 7.0.

ShiftLeft Inspect for C#

The analysis of .NET applications with the following characteristics is supported:


Target Type



MSBuild format (.csproj file).

Build environment

.NET Framework targets

.NET 4.6.1 and MSBuild 15.0.

.NET Core targets

.NET Core 2.1 or above.

ShiftLeft Inspect's .NET code analysis is performed on source code (not on the equivalence of byte code), and does an actual build of your application as part of the process. Therefore, the system that ShiftLeft Inspect analyzes must be able to successfully build your application.

Make sure you have restored dependencies and project-specific tools, before you analyze your application using ShiftLeft Inspect. Use dotnet restore for applications based on .NET Core; use nuget restore for .NET Framework.

After installing the ShiftLeft Command Line Interface (CLI) and authenticating, use the following command to analyze your C# application with ShiftLeft Inspect

sl analyze --app <name> --csharp [--dotnet-core|--dotnet-framework] [<path>]


--app <name> analyze the application of <name>.

--csharp identity of the application's language.

<path> location of the .csproj or .sln file to be analyzed.

Combining C# Projects for Analysis

You can combine multiple C# projects for analysis as follows:

sl analyze --app Xyz --csharp [--dotnet-core|--dotnet-framework] --dep ClassLibrary2\ClassLibrary2.csproj ConsoleApp1\ConsoleApp1.csproj

The --dep option allows you to filter for the subprojects on which the primary .csproj file depends. This allows you to adopt the middle ground between analyzing just the primary file

sl analyze csharp --app Xyz app.csproj

and analyzing the primary file with all of its subprojects

sl analyze csharp --app Xyz app.csproj --csharp2cpg-args "--with-ProjectReference"

Required MSBuild Information

To determine the version of MSBuild installed in your system:

  1. In the Windows search bar, type Developer Command Prompt for VS.

  2. Invoke MSBuild with the version flag: msbuild /version.

To verify whether a .NET Framework target can be built with MSBuild 15.0:

  1. Open the Developer Command Prompt for VS.

  2. Navigate to the project location.

  3. Restore NuGet packages, if any, using the command nuget.exe restore MySolution.sln.

  4. Trigger a build using the command msbuild MyProject.csproj (and apply additional options, if necessary).

Next Steps

Analyze Applications

Identify Branch Names

Fail a Build Based on Analysis Results

ShiftLeft Ocular for C#

After installing the ShiftLeft Command Line Interface (CLI), authenticating and starting ShiftLeft Ocular, create the Code Property Graph (CPG) for your C# application using

ocular> createCpg(<inputPaths>)

where <inputPaths> is the path of the target application; multiple applications are separated by a comma. For C#, the path is the project file .csproj.

Next Steps

Generate the Security Profile

Querying the CPG and Security Profile

Uncover the Attack Surface

ShiftLeft Protect for C#

ShiftLeft Protect requires a Windows operating system with the .NET Framework runtime version 4.5 or later installed, and works with 64-bit .NET Framework applications. ShiftLeft Protect must be able to download data from, and push metrics to, the ShiftLeft Proxy server over the secure port 443.

The ShiftLeft Protect Windows installer places the Microagent's .NET assemblies into the Global Assembly Cache (GAC). If you are running your application in Microsoft Azure as an AppService, you need to use a Windows Docker Container. See Windows Container Support in Azure App Service for details on this configuration.





.NET Framework Runtime

version 4.5 or higher

After installing the ShiftLeft Command Line Interface (CLI) and authenticating, use the following command to monitor and protect your C# application with ShiftLeft Protect

sl run --app <name> --csharp


--app <name>. Specifies your application's unique name.

--csharp identity of the application's language.

Next Steps

Secure Your Applications Using ShiftLeft Protect

Run ShiftLeft Protect

The ShiftLeft JSON File