As a developer, you always have to take the pain of getting adapted to the best practices and coding guidelines to be followed as per the organizational or industrial standards. Easy way to ensure your coding style follows certain standard is to manually analyze your code or use a static code analyzer like FxCop, StyleCop etc. Earlier days I have been a fan of FxCop as it was free and it provides me all necessary general guidelines in terms of improving my solution.
In this modern world of programming everything needs to be automated, as it saves time and money in terms of automating repetitive tasks and improves efficiency. This is where static code analysers coming effective.
What is Static Code Analysis?
Static program analysis is the analysis of computer software that is performed without actually executing programs, on some version of the program source code, and in the other cases, some form of the object code or intermediate compiled code .
Sophistication of static program analysis increases is based on how deep they analyze in terms of behavior of individual statements and declarations, to analyzing the entire source code.
PS: Analysis performed on executing programs is known as dynamic analysis.
In this article I will give you an overview of one such premier static code analysis tool that can be used for your daily development routine plus use it for CI integration for DevOps efficiency.
NDepend:
NDepend is a static analysis tool for .NET, specifically for managed code: NDepdend supports a large number of code metrics, allowing to visualize dependencies using directed graphs and dependency matrix. It also performs code base snapshots comparisons, and validation of architectural and quality rules.
The important capabilities of NDepend are:
- Dependency Visualization through dependency matrix and graphs.
- Analyse and generate software quality metrics – as per the documentation it supports 82 quality metrices.
- Declarative rule support through LINQ queries, and it is called CQLinq and comes with a large number of predefined CQLinq rules.
- Integration support for Cruise Control.Net, SonarCube, am City. Code rules can be configured to be checked automatically in Visual Studio or during continuous integration(CI).
License: NDepend is a commercial tool with licensing options as below:
- Developer seats – $477 approx. / per seat.
- Build Machine seats – $955 approx. / per seat.
** You could get volume discount if you bulk procure your licenses.
Installation:
Once you obtained license you will able to download NDepend_2018.1.1.9041.zip, is latest version available while I write this article. Extract the zip file into your local folder, you could see the different packages/executables within the package.
1.) NDepend.Console – Command line program to execute NDepend analysis. You would be mostly using this component on CI Build server Help
2.) NDepend.PowerTools – Helps write your own static analyzer based on NDepend.API, or tweak existing open-source Power Tools. Help
3.) NDepend.VisualStudioExtension.Installer – To install NDepend extension as part of Visual studio
4.) VisualNDepend – Independent visual environment for managing your NDepend tasks.
Visual Tool gives you different options to choose from:
- You can analyse a Visual Studio Solution or project.
- Analyse .NET assemblies in a folder.
For the demo purpose our analysis target would be one of the starter project from github – ContosoUniversity by @alimon808.
Demo: Summary Report
Demo: Application Metrics
Demo: Dependency Dashboard:
Demo: Interactive Graph
Demo: Code Matrix View
Demo: Quality Gates Summary
Demo: Rules Summary
Conclusion:
NDepend is one of the best enterprise grade commercial static analyser seen so far. There are Visual Studio Code Analysis, FxCop and Stylecop Analyzer tools available but they do not provide extensive level of analysis reports NDepend provides. Being a commercial tool it gives value for money for customers by what they need. In terms of a day to day developer or devops lifecycle, you can integrate NDepend in your build process, which could be simple as executing the NDepend Console and reviewing the output. With NDepend’s API it is easy to develop your own custom analysis tools based on CQLinq and NDepend.PowerTools(which is open source). You could find all the detailed help in NDepend documentation.
References:
- https://www.ndepend.com/docs/getting-started-with-ndepend
- https://www.pluralsight.com/courses/practical-ndepend
Related Posts
Scaling Up Your Pods: How Horizontal Pod Autoscaling Wins
Achieving DevOps Harmony: Building and Deploying .NET Applications with AWS Services
Mastering AWS EKS Deployment with Terraform: A Comprehensive Guide
Introduction to Site Reliability Engineering (SRE) in Azure: Achieving Higher Reliability with AKS and Essential Tools- Mastering AWS, EKS, Python, Kubernetes, and Terraform for Monitoring and Observability for SRE: Unveiling the Secrets of Cloud Infrastructure Optimization
- Mastering DevSecOps: Key Metrics and Strategies for Success