Do you use the best Code Analysis tools?
  v20.0 Posted at 30/07/2019 11:20 AM by Tiago Araujo

Whenever you are writing code, you should always make sure it conforms to your team's standards. If everyone is following the same set of rules; someone else’s code will look more familiar and more like your code - ultimately easier to work with.

No matter how good a coder you are, you will always miss things from time to time, so it's a really good idea to have a tool that automatically scans your code and reports on what you need to change in order to improve it.

Visual Studio has a great Code Analysis tool to help you look for problems in your code. Combine this with Jetbrains' ReSharper and your code will be smell free.

The levels of protection are:

Figure: You wouldn't play cricket without protective gear and you shouldn't code without protective tools

Level 1

Get ReSharper to green on each file you touch. You want the files you work on to be left better than when you started. See Do you follow the boyscout rule?

Tip: You can run through a file and tidy it very quickly if you know two great keyboard shortcuts:

  • Alt + [Page Down/Page Up] : Next/Previous Resharper Error / Warning
  • Alt + Enter: Smart refactoring suggestions
Image 01
Figure: ReSharper will show Orange when it detects that there is code that could be improved
Figure: ReSharper will show green when all code is tidy

Level 2

Is to use Code Auditor.

Figure: Code Auditor shows a lot of warnings in this test project

Note: Document any rules you've turned off.

Level 3

Is to use Link Auditor.

Note: Document any rules you've turned off.

Level 4

Is to use StyleCop to check that your code has consistent style and formatting.

Figure: StyleCop shows a lot of warnings in this test project

Level 5

Run Code Analysis (was FxCop) with the default settings or ReSharper with Code Analysis turned on

Figure: Run Code Analysis in Visual Studio
Code Analysis
Figure: The Code Analysis results indicate there are 17 items that need fixing

Level 6

Ratchet up your Code Analysis Rules until you get to 'Microsoft All Rules'

Figure: Start with the Minimum Recommended Rules, and then ratched up.

Level 7

Is to document any rules you've turned off.

All of these rules allow you to disable rules that you're not concerned about.  There's nothing wrong with disabling rules you don't want checked, but you should make it clear to developers why those rules were removed.

Create a GlobalSuppressions.cs file in your project with the rules that have been turned off and why.

Figure: The suppressions file tells Code Analysis which rules it should disable for specific code blocks

More Information: Do you make instructions at the beginning of a project and improve them gradually? and https://docs.microsoft.com/en-us/visualstudio/code-quality/in-source-suppression-overview


Level 8

The gold standard is to use SonarQube, which gives you the code analysis that the previous levels give you as wells as the ability to analyze technical debt and to see which code changes had the most impact to technical debt
Figure:  SonarQube workflow with Visual Studio and Azure DevOps​
Figure: SonarQube gives you the changes in code analysis results between each check-in

Related rules

    Do you feel this rule needs an update?

    If you want to be notified when this rule is updated, please enter your email address: