Tuesday, April 22, 2008

FxCop – Automated Code Review for .NET Assemblies

I have been using FxCop on and off for quite some time now for automated static code review of .NET assemblies for possible design, security and performance issues (inefficient string manipulation / comparisons, unused utility functions, unnecessary casting, security vulnerabilities, etc.).

I would recommend it to anyone who wants to check their .NET assemblies’ conformance with Microsoft’s best practices and design guidelines. It has a rule base of more than 200 rules, organized into categories, against which it inspects your .NET assembly. You can selectively check your assembly for performance and security issues, or you can choose to skip Naming Rules conformance for a particular code analysis run.

Once it is installed and opened, all you need to do is ‘Add Target’ to your new project; the target is the .NET assembly (dll / exe) you want to inspect. Once you have added the target(s), press the ‘Analyze’ button in the FxCop toolbar. Once the analysis is done, it provides a granular report, drilled down to the function level, of the possible issues in your code. The good thing is that it not only reports the issue but also reports the reason and possibly the recommended fix for it!
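To make that report concrete, the following added example (not code from the original post) shows one method for each kind of issue listed above, next to the form that clears the finding. The rule IDs in the comments are the ones FxCop's standard rule set is expected to report; the class, table and column names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Constructed sample: compile it into an assembly and add that assembly as the FxCop target.
public static class Flagged
{
    // CA1820 (Performance): tests for an empty string by comparing against "".
    public static bool IsBlank(string s) { return s == ""; }

    // CA1800 (Performance): the value is cast twice, once by 'is' and once explicitly.
    public static int TextLength(object o)
    {
        if (o is string) { return ((string)o).Length; }
        return 0;
    }

    // CA2100 (Security): the command text is built from a caller-supplied string.
    public static IDbCommand FindUser(SqlConnection conn, string name)
    {
        return new SqlCommand("SELECT Id FROM Users WHERE Name = '" + name + "'", conn);
    }

    // CA1811 (Performance): private helper that nothing in the assembly calls.
    private static void Unused() { }
}

public static class Fixed
{
    // Length-based test; note that, unlike s == "", this also returns true for null.
    public static bool IsBlank(string s) { return string.IsNullOrEmpty(s); }

    // A single 'as' cast followed by a null check.
    public static int TextLength(object o)
    {
        string text = o as string;
        return text == null ? 0 : text.Length;
    }

    // Constant command text; the caller's value travels as a parameter.
    public static IDbCommand FindUser(SqlConnection conn, string name)
    {
        SqlCommand cmd = new SqlCommand("SELECT Id FROM Users WHERE Name = @name", conn);
        cmd.Parameters.AddWithValue("@name", name);
        return cmd;
    }
}
```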

Once you start using it, you will eventually learn from it and will definitely avoid making those mistakes in future development. You can download the latest release of FxCop from here.