Static Code Analysis based on Microsoft Rules

This is the tenth blog of a series of posts about the topics Continuous Integration and Continuous Delivery. It explains how important continuous integration is to deliver software in short iterations to the customer with a high quality standard.

In this post and the next one I want to show how static code analysis can be used to improve the code quality and execute them during the build or check-in process. First of all I want to show how to enable the build-in Microsoft Code Analysis. It is actually a great feature which is not well known and just rarely used.

There is a "Code Analysis" tab in the project settings where the static code analysis can be enabled and the rule sets can be selected:

There are a couple of predefined rule sets from Microsoft. At least the "Microsoft Minimum Recommended Rules" should be enabled because it includes checks for potential application crashes, security holes and other important issues. If, for instance, an IDisposable object is not released, a warning is shown by the Code Analysis during the CI Build:

The Code Analysis is a simple and fast way to enable static code checks to prevent typical errors based on rule definitions from Microsoft.

No comments:

Post a Comment