
I'm looking for an alternative tool to CAT.NET for performing static security scans on .NET code. Currently the CAT.NET tooling/development is at a somewhat fragile stage and doesn't offer the reliability that I'm looking for.

Are there any alternative static code analyzers that you use for detecting security issues?

+1  A: 

Check out FxCop, StyleCop, CodeIt.Right, Coverity and there's one from red-gate.com which finds weak exception handling. Also check out DevPartner Studio. Google for the links.

Tony_Henrich
A: 

You should now find that CAT.NET is in a much better state. It's been re-written from the ground up and will ship with Visual Studio 2010 later this year.

Before looking at the other code review tools, it's worth considering what you are looking for in terms of inter-procedural or intra-procedural static analysis, or the black-box HTTP scanners (that don't operate on code).

All of these tools will only likely find 25-50% of the security issues (and that's from the person who ran the team that built CAT.NET). They can only ever find certain types of issues.

Mark Curphey
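To make the inter-procedural versus intra-procedural distinction in the answer above concrete, here is an added C# example (not code from the question, the answers, or CAT.NET). The class, method names and the `Users` table are hypothetical; it assumes classic ASP.NET (`System.Web.HttpRequest`) and `System.Data.SqlClient`. The same SQL injection is written twice: once with source, concatenation and sink in a single method, which a purely intra-procedural scanner can flag, and once spread over three methods, where only an analysis that follows calls (or carries per-method summaries) can connect the request data to the query. A parameterised version shows the fix.

```csharp
using System.Data.SqlClient;
using System.Web;

// Hypothetical handler used only to illustrate analysis scope.
public static class UserLookup
{
    // Case 1: source, string building and sink all inside one method.
    // An intra-procedural taint analysis sees request.QueryString (source)
    // flow into SqlCommand (sink) without leaving this method, so it can
    // report the injection.
    public static SqlDataReader LookupInline(HttpRequest request, SqlConnection conn)
    {
        string name = request.QueryString["user"];                    // untrusted
        string sql = "SELECT * FROM Users WHERE Name = '" + name + "'"; // concatenated into SQL
        using (var cmd = new SqlCommand(sql, conn))                   // executed
        {
            return cmd.ExecuteReader();
        }
    }

    // Case 2: the same flow split across three methods.

    // Source lives here. On its own this method is just "return a string".
    private static string GetUserName(HttpRequest request)
    {
        return request.QueryString["user"];
    }

    // Concatenation lives here. Looked at in isolation, 'name' is an
    // ordinary parameter with no evidence of being attacker-controlled.
    private static string BuildQuery(string name)
    {
        return "SELECT * FROM Users WHERE Name = '" + name + "'";
    }

    // Sink lives here. Intra-procedurally the scanner sees two opaque calls
    // feeding SqlCommand; only an inter-procedural analysis that follows
    // GetUserName and BuildQuery (or summarises them) knows the command text
    // is tainted.
    public static SqlDataReader LookupSplit(HttpRequest request, SqlConnection conn)
    {
        string name = GetUserName(request);
        using (var cmd = new SqlCommand(BuildQuery(name), conn))
        {
            return cmd.ExecuteReader();
        }
    }

    // Fix for either shape: the untrusted value is bound as a parameter and
    // never becomes part of the SQL text, so there is no source-to-sink
    // flow for any analysis to report.
    public static SqlDataReader LookupParameterised(HttpRequest request, SqlConnection conn)
    {
        string name = GetUserName(request);
        using (var cmd = new SqlCommand("SELECT * FROM Users WHERE Name = @name", conn))
        {
            cmd.Parameters.AddWithValue("@name", name);
            return cmd.ExecuteReader();
        }
    }
}
```

When evaluating a scanner, a pair like `LookupInline` / `LookupSplit` is a quick way to tell which of the two scopes it actually implements: a tool that flags only the first is intra-procedural, whichever label the marketing uses, and is the kind of tool that lands in the "25-50%" range the answer warns about.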