I consider myself blessed to have found a challenging job at a very cool company. Sonoma Partners provides me with interesting client work full of developer problems to solve AND supports me in exploring new tools and techniques that can make our team more effective. I recently took on an initiative with my teammate Dave Smith to incorporate static code analysis into our project development life cycle. Since other developer teams may be making the jump to Visual Studio 2010, we wanted to share our experiences applying the VS2010 code analysis tool on top of our projects. For those of you new to code analysis, I strongly recommend perusing the Microsoft Code Analysis team blog ; if you are migrating to VS2010 Premium or Ultimate edition, you can jump straight to their post on what’s new in VS2010 code analysis . In essence, you can configure the code analysis tool (or FxCop if you don’t have VS2010 Premium or Ultimate) to walk through your code (intermediate language following a build, to be precise) and alert you about rules that your code violates. As you learn about the warnings and update your code, you become a better coder, your code becomes more [performant|readable|maintainable|secure] and the sun shines just a little bit brighter. Our vision is to ease our developer team in to the code analysis world by applying a basic ruleset – for us, this was everything except Microsoft.Reliability and Microsoft.Globalization, but subject to change - and begin enforcing it on all new projects. Initially, as developers get accustomed to fixing warnings and ensuring zero-warning code, we’re going to leave the enforcement on at the developer machine level. We do this by utilizing a project template that is preconfigured to use our ruleset and our custom dictionary . Eventually, when the developers are all acquainted with this process, we are going to enable build-level enforcement of the rules on the build box. There are already some resources on the web that describe the process, but when we go ahead and set build-level enforcement, I’ll post about the process and our experience.
See the article here:
Analyze This!