Do you use the best Code Analysis tools?

Last updated by Tom Bui [SSW] about 1 month ago.See history

Whenever you are writing code, you should always make sure it conforms to your team's standards. If everyone is following the same set of rules; someone else’s code will look more familiar and more like your code - ultimately easier to work with.

No matter how good a coder you are, you will always miss things from time to time, so it's a really good idea to have a tool that automatically scans your code and reports on what you need to change in order to improve it.

Visual Studio has a great Code Analysis tool to help you look for problems in your code. Combine this with Jetbrains' ReSharper and your code will be smell free.

CricketHelmet
Figure: You wouldn't play cricket without protective gear and you shouldn't code without protective tools

The levels of protection are:

Level 1

Get ReSharper to green on each file you touch. You want the files you work on to be left better than when you started. See Do you follow the boyscout rule?

You can run through a file and tidy it very quickly if you know 2 great keyboard shortcuts:

  • Alt + [Page Down/Page Up] : Next/Previous Resharper Error / Warning
  • Alt + Enter: Smart refactoring suggestions

48bc81 image001
Figure: ReSharper will show Orange when it detects that there is code that could be improved

ReSharper green
Figure: ReSharper will show green when all code is tidy

Level 2

Use SSW CodeAuditor.

CodeAuditor
Figure: CodeAuditor shows a lot of warnings in this test project

Note: Document any rules you've turned off.

Level 3

Use SSW LinkAuditor.

Note: Document any rules you've turned off.

Level 4

Use StyleCop to check that your code has consistent style and formatting.

StyleCopInVS2010
Figure: StyleCop shows a lot of warnings in this test project

Level 5

Run Code Analysis (was FxCop) with the default settings or ReSharper with Code Analysis turned on.

CodeAnalysisVS11
Figure: Run Code Analysis in Visual Studio

codeanalysis
Figure: The Code Analysis results indicate there are 17 items that need fixing

Level 6

Ratchet up your Code Analysis Rules until you get to 'Microsoft All Rules'.

image003
Figure: Start with the Minimum Recommended Rules, and then ratched up.

Level 7

Document any rules you've turned off.

All of these rules allow you to disable rules that you're not concerned about. There's nothing wrong with disabling rules you don't want checked, but you should make it clear to developers why those rules were removed.

Create a GlobalSuppressions.cs file in your project with the rules that have been turned off and why.

suppressions file
Figure: The suppressions file tells Code Analysis which rules it should disable for specific code blocks

More Information: Do you make instructions at the beginning of a project and improve them gradually? and https://docs.microsoft.com/en-us/visualstudio/code-quality/in-source-suppression-overview

Level 8

The gold standard is to use SonarQube, which gives you the code analysis that the previous levels give you as wells as the ability to analyze technical debt and to see which code changes had the most impact to technical debt

2016 06 08 12 59 38
Figure: SonarQube workflow with Visual Studio and Azure DevOps

2016 06 08 12 59 53
Figure: SonarQube gives you the changes in code analysis results between each check-in

We open source. Powered by GitHub