Static Code Analysis - Part 2

In my last post, I showed how you could enable static code analysis for a Visual Studio project.  However, you can also set up static code analysis at a more global level if you are using Team Foundation Server for source code control.

Within a Team Project, you can set up a check-in policy that requires the code to pass static code analysis.  You can do this by simply right-clicking on the Team Project and selecting Source Control from the Team Project Settings.


From the Source Control Settings dialog, click on the Check-In Policy tab and click the Add... button.  (Note - I already have the Code Analysis policy set for my project in the image below.)


Click the Add... button to add a new check-in policy and select Code Analysis from the menu.


From here, you should be able to set up the rules just as you would at the project level.  Any rules you specify should generate an error when violated, and therefore, the code will not compile.  As a result, developers will not be able to check in code that violates any of the rules that you have set for the team.


So, if you have already set up rules within your projects, another nice feature in Visual Studio is the ability to sync the settings in each project with those set at the check-in policy level.  You can do this by selecting Replace with Check-in Policy under Analyze/Code Analysis Settings for Solution in Visual Studio.


All of the settings in your current projects will match those set at the Team Project level.  None of your previous suppression attributes should have been removed.

Hope this helps!

Static Code Analysis - Part 1

The static code analysis within Visual Studio is a great way of automating initial code review.  In order to turn it on, do the following.

1.  Go to Properties within the particular project.

Code analysis can only be enabled at the project level, so the first step is to go to your properties section of each project you want enabled for code analysis.

2.  Go to the Code Analysis tab.

3.  At the top, check the box labeled "Enable Code Analysis on Build..."

4.  On the right-hand side of the screen, check the box for those rules that you want treated as an error.  (By default, a rule violation is treated as a warning and will not stop the build process.)


Sometimes the rules may not make sense for projects where a lot of code is auto-generated.  In this case, you could leave that rule as a warning in the project settings. 

In other cases, you may want to suppress the errors for particular members of your types or for whole namespaces.  This can be done by right-clicking on the rule violation in the Error List that appears when compiling your project and selecting a Suppress Message option.


As seen above, this can either be set within your source or in a project suppression file.  You can learn more about this here.
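
The two suppression forms mentioned above, as an added example that is not from the original post. The namespace, class and method names are hypothetical; CA2100 and CA1031 are real code analysis rules chosen for illustration, and both forms are shown in one file here although the module-level form normally lives in the project suppression file.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics.CodeAnalysis;

// Project suppression file form: an assembly-level attribute. Scope and Target
// pin it to one member, so the rule stays active for the rest of the project.
[assembly: SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes",
    Scope = "member",
    Target = "Contoso.Reports.ReportStore.#TryOpen(System.String)",
    Justification = "Any connection failure is reported to the caller as false.")]

namespace Contoso.Reports   // hypothetical namespace
{
    public static class ReportStore
    {
        // In-source form: the attribute sits on the member that violates the rule.
        // SuppressMessage is only compiled in when the CODE_ANALYSIS symbol is defined.
        // The Justification records why the finding is acceptable, for later reviewers.
        [SuppressMessage("Microsoft.Security", "CA2100:ReviewSqlQueriesForSecurityVulnerabilities",
            Justification = "tableName is checked against a fixed allow-list; id is a parameter.")]
        public static SqlCommand BuildLookup(SqlConnection connection, string tableName, int id)
        {
            // The allow-list is what makes the suppression defensible: only these
            // two literal table names can ever reach the command text.
            if (tableName != "Reports" && tableName != "ArchivedReports")
                throw new ArgumentException("Unknown table.", "tableName");

            var command = new SqlCommand("SELECT * FROM " + tableName + " WHERE Id = @id", connection);
            command.Parameters.Add("@id", SqlDbType.Int).Value = id;
            return command;
        }

        public static bool TryOpen(string connectionString)
        {
            try
            {
                using (var connection = new SqlConnection(connectionString))
                {
                    connection.Open();
                    return true;
                }
            }
            catch (Exception)   // CA1031 fires here; suppressed for this member only
            {
                return false;
            }
        }
    }
}
```

When a check-in policy enforces a security rule such as CA2100, each suppression is effectively an exception to that policy, so the Justification text is what a reviewer has to go on.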