How to ensure that there is no security vulnerability in the code?
How to make sure that developers are following the coding standards?
Is there any way to reduce code revision?
What is code analysis?
Code Analysis vs. Code Review
Why code analysis?
Code analysis & Source control servers
What are the tools available?
What is code analysis?
"Code analysis (a.k.a. static program analysis) is the analysis of computer software that is performed without actually executing programs. In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object code. The term is usually applied to the analysis performed by an automated tool." - Wikipedia
Code Reviews vs. Code Analysis
Code Reviewer (the policeman): "I always detect some rule violations."
Code Analysis (the speed detector): "I can detect any rule violation."
Why static code analysis?
Usually we can’t review all the code written by developers.
To improve code quality
To avoid common security vulnerabilities.
To avoid common coding issues.
To improve code performance.
Do you monitor and fix code problems? (survey responses)
Fix all: 8%
Fix some: 41%
Monitor but don't fix: 12%
Don't monitor and don't fix: 39%
Code Analysis and Source Control Servers
Some code analysis tools can be integrated with source control servers so that the analysis runs on the server, validates each check-in against the configured rules, and reports the issues it finds.
Flow: Developer --(check-in)--> Source Control Server (runs code analysis) --(report)--> Manager
What are the tools available? For .NET Platform there is the following:
Visual Studio Code Analysis (out of the box with Visual Studio).
CodeIt.Right (+Automatic Refactoring)
FxCop (free, by Microsoft; the same engine that powers Visual Studio Code Analysis for managed code)
Parasoft dotTEST (+Unit Testing)
Visual Studio Code Analysis
It is enabled and configured on the Code Analysis tab of the project's properties page, which sets the RunCodeAnalysis and CodeAnalysisRuleSet MSBuild properties in the project file.
Available VS Rule Sets
1. All Rules rule set
2. Basic Correctness Rules rule set for managed code
3. Basic Design Guideline Rules rule set for managed code
4. Extended Correctness Rules rule set for managed code
5. Extended Design Guidelines Rules rule set for managed code
6. Globalization Rules rule set for managed code
7. Managed Minimum Rules rule set for managed code
8. Managed Recommended Rules rule set for managed code
9. Mixed Minimum Rules rule set
10. Mixed Recommended Rules rule set
11. Native Minimum Rules rule set
12. Native Recommended Rules rule set
13. Security Rules rule set for managed code
Demo 1: Visual Studio Code Analysis
Open a project
Check Rule Set
Run Code Analysis
Change Rule Set
Run Code Analysis.
Demo 2: Create Custom Rule
How to create a custom rule that flags the underscore '_' symbol in class names.
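The following is an added example of the custom rule described in Demo 2, written against the FxCop SDK (Microsoft.FxCop.Sdk, the rule engine behind Visual Studio Code Analysis for managed code); it is not code from the original slides. It assumes a class-library project named MyRules that references FxCopSdk.dll, and the rule identifier (MR1001), category name and message texts in the Rules.xml resource are chosen here as illustration. The rule walks every class in the analyzed assembly and reports those whose short name contains an underscore, while skipping compiler-generated closure and iterator classes, whose names (for example "<>c__DisplayClass1") contain underscores by construction and would otherwise fire on every lambda.

```csharp
using System;
using Microsoft.FxCop.Sdk;

namespace MyRules
{
    /// <summary>
    /// Custom Code Analysis rule: class names must not contain '_'.
    /// (Added example; MyRules, MR1001 and the message texts are assumptions.)
    /// </summary>
    public sealed class NoUnderscoreInClassName : BaseIntrospectionRule
    {
        public NoUnderscoreInClassName()
            // "MyRules.Rules" is the manifest resource base name; FxCop loads
            // the embedded resource MyRules.Rules.xml (shown below) from this assembly.
            : base("NoUnderscoreInClassName", "MyRules.Rules",
                   typeof(NoUnderscoreInClassName).Assembly)
        {
        }

        // Check private and nested classes too, not only the public API surface.
        public override TargetVisibilities TargetVisibility
        {
            get { return TargetVisibilities.All; }
        }

        // Called once per type in the analyzed assembly.
        public override ProblemCollection Check(TypeNode type)
        {
            // Only classes; interfaces, structs, enums and delegates are not this rule's business.
            if (!(type is ClassNode))
                return null;

            string name = type.Name.Name;

            // Compiler-generated types ("<>c__DisplayClass1", "<Iterator>d__2") always
            // contain underscores; reporting them would drown real findings in noise.
            if (name.StartsWith("<", StringComparison.Ordinal))
                return null;

            if (name.IndexOf('_') >= 0)
            {
                // {0} in the <Resolution> text of Rules.xml is replaced with the class name;
                // passing the node attaches the finding to the type's source location.
                Problems.Add(new Problem(GetResolution(name), type));
            }

            return Problems;
        }
    }
}

/* Rules.xml -- add to the same project with Build Action = Embedded Resource.
   The TypeName must match the class above; CheckId and Category are chosen here as an example.

<?xml version="1.0" encoding="utf-8"?>
<Rules FriendlyName="My Naming Rules">
  <Rule TypeName="NoUnderscoreInClassName" Category="MyRules.Naming" CheckId="MR1001">
    <Name>Class names must not contain underscores</Name>
    <Description>Class identifiers should be PascalCase without '_' separators.</Description>
    <Url />
    <Resolution>Rename class '{0}' so that it does not contain an underscore.</Resolution>
    <MessageLevel Certainty="95">Warning</MessageLevel>
    <FixCategories>NonBreaking</FixCategories>
    <Email />
    <Owner />
  </Rule>
</Rules>
*/
```

To use the rule, build the library and either copy it into the FxCop Rules directory or point a .ruleset file at it through a RuleHintPaths entry; the rule then appears alongside the built-in ones and can be raised to an error in the rule set so that a check-in gate such as the one described above rejects code that violates it.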