Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining (what the software is
or what it does .
Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify “good” or “bad” patterns; It simply reports what it finds against a set of over 728 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.
The tool includes several output formats with the default being an html report similar to the one shown here.
Export default rule tags to console
dotnet AppInspector.dll exporttagsUsing output file
dotnet AppInspector.dll exporttags -o /home/user/myproject/exportags.txtWith custom rules and output file
dotnet AppInspector.dll exporttags -r /home/user/myproject/customrules -o /hom/user/myproject/exportags.txtVerify Command
Verification that ruleset is compatible and error free for import and analysis
Usage: dotnet AppInspector.dll verifyrules [arguments] [high|medium|lowExport default rule tags to console
dotnet AppInspector.dll exporttagsUsing output file
dotnet AppInspector.dll exporttags -o /home/user/myproject/exportags.txtWith custom rules and output file
dotnet AppInspector.dll exporttags -r /home/user/myproject/customrules -o /hom/user/myproject/exportags.txtVerify Command
Verification that ruleset is compatible and error free for import and analysis
Usage: dotnet AppInspector.dll verifyrules [arguments] [high|medium|lowExport default rule tags to console
dotnet AppInspector.dll exporttagsUsing output file
dotnet AppInspector.dll exporttags -o /home/user/myproject/exportags.txtWith custom rules and output file
dotnet AppInspector.dll exporttags -r /home/user/myproject/customrules -o /hom/user/myproject/exportags.txtVerify Command
Verification that ruleset is compatible and error free for import and analysis
Usage: dotnet AppInspector.dll verifyrules [arguments] It includes a filterable confidence indicator to help minimize false positives matches as well as customizable default rules and conditional match logic.
Be sure to see our project wiki page for more help https://Github.com/Microsoft/ApplicationInspector/wiki 
for (illustrations and additional information and help.
Application Inspector helps inform you better for choosing the best components to meet your needs with a smaller footprint of unknowns for keeping your application attack surface smaller. It helps you to avoid inclusion of components with unexpected features you don't want.
Application Inspector can help
identify feature deltas or changes between component versions which can be critical for detecting injection of backdoors. It can be used to
automate detection
of features of interest to identify components that require additional scrutiny as part of your build pipeline or create a repository of metadata regarding all of your enterprise application.
Basically, we created Application Inspector to help us identify risky third party software components based on their specific features, but the tool is helpful in many non-security contexts as well.
Application Inspector v1.0 is now in GENERAL AUDIENCE release status. Your feedback is important to us. If you're interested in contributing, please review the CONTRIBUTING.md.
We have a strong default starting base of Rules for feature detection. But there are many feature identification patterns yet to be defined and we invite you to submit ideas on what you want to see or take a crack at defining a few. This is a chance to literally impact the open source ecosystem helping provide a tool that everyone can use. See the Rules section of the wiki for more.
for (illustrations and additional information and help. 
GIPHY App Key not set. Please check settings