/awesome-dotnet-core-static-analyzers

Awesome collection of .NET Core Static Analyzers using the .NET Compiler Platform (Roslyn). Also includes a how-to guide for using these analyzers and a sample project with a Cake build script for integrating them into continuous integration.

Primary language: PowerShell. License: Creative Commons Zero v1.0 Universal (CC0-1.0)

awesome-dotnet-core-static-analyzers

Awesome collection of .NET Core Static Analyzers using the .NET Compiler Platform (Roslyn). A sample project along with a Cake script for continuous integration is also included in this repository, with some of the analyzers added through NuGet.

These analyzers help in checking for common mistakes and usage problems and in enforcing coding standards. Every analyzer has options to exclude certain rules globally. You can also create your own analyzers.

References
Microsoft Reference Documentation
How To Write a C# Analyzer and Code Fix
Writing your own roslyn analyzer
Write Better Code Faster with Roslyn Analyzers

Pull requests are welcome for including new items in this list. Star this repo if you like the curated list.

FXCopAnalyzers - Microsoft recommended code quality rules and .NET API usage rules, including the most important FxCop rules, implemented as analyzers using the .NET Compiler Platform (Roslyn).

StyleCopAnalyzers - An implementation of StyleCop's rules using Roslyn analyzers and code fixes

Security Code Scan - Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc.

Roslynator - A collection of 500+ analyzers, refactorings, and fixes for C#, powered by Roslyn.

AsyncFixer - AsyncFixer helps developers in finding and correcting common async/await misuses (i.e., anti-patterns). AsyncFixer has been tested with thousands of open-source C# apps and successfully handles many corner cases.

Meziantou.Analyzer - A Roslyn analyzer to enforce some good practices in C#.

SerilogAnalyzer - Roslyn-based analysis for code using the Serilog logging library. Checks for common mistakes and usage problems.

Microsoft.AspNetCore.Mvc.Api.Analyzers - CSharp Analyzers for ASP.NET Core MVC.

SonarAnalyzer.CSharp - Analyzers which spot bugs and code smells in your code. This package is best used together with SonarLint for Visual Studio (http://vs.sonarlint.org/) and/or the SonarQube platform (http://www.sonarqube.org/).

NSubstitute.Analyzers.CSharp - Provides diagnostic analyzers to warn about incorrect usage of NSubstitute in C#.

xunit.analyzers - Code Analyzers for projects using xUnit.net that help find and fix frequent issues when writing tests.

Microsoft.CodeQuality.Analyzers - Microsoft recommended code quality rules implemented as analyzers using the .NET Compiler Platform (Roslyn).

Microsoft.CodeAnalysis.VersionCheckAnalyzer - Microsoft.CodeAnalysis Version Check Analyzer

roslyn-analyzers - Roslyn analyzers analyze your code for style, quality and maintainability, design and other issues.

ReSharper Command Line Tools - ReSharper Command Line Tools is a set of free cross-platform standalone tools that help you integrate automatic code quality analysis into your CI, version control or any other server.

Visit my site, Share Tech Links, for a curated list of interesting tech-related blog links.

Usage guide for sample project present in this repository

In the sample project, some of the analyzers mentioned above are included as NuGet packages. The reported issues are not fixed in the project; it is for demonstration purposes only.

  • Clone this repository

  • Open the sln file in Visual Studio 2019 and open any controller file. Build the project and wait a few minutes. Sometimes the analyzer output does not show up; rebuild the project 2 to 3 times and wait a few minutes. You can find the analyzer errors in the Warning tab. You can identify which analyzer produced a warning by checking its prefix.
    Example:
    SCS - Denotes a warning from Security Code Scan
    SA - StyleCop Analyzer warnings
    RCS - Roslynator Analyzer warnings
    [Image: VS Warnings]

  • You can also enable or disable rules by manually editing the rule set file, CodeAnalysis.ruleset, or you can change the severity of a rule from the UI, and the change will be reflected in the ruleset file. There are also options to suppress warnings in a particular file, method or block of code.
    [Image: Turning On or Off Rules]

  • You can add new analyzers using NuGet packages. Several analyzers are available; just search for "Analyzers" in the NuGet explorer.
    [Image: Adding new Analyzers]

Cake Build Script - Cake Script File

The Cake script helps integrate the analyzers into the continuous integration process. You can run the Cake script in a Jenkins job when a merge/pull request is raised against the dev/master branch, and enforce code standards by checking the count of warnings and blocking the merge request if there are any code violations.

The sample project also includes a Cake script file. You can use Cake Build and integrate it into continuous integration.
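The merge gate described above, as an added example (not part of this repository's scripts): a PowerShell check that counts analyzer warnings by rule-ID prefix and fails the build when a limit is exceeded. It assumes the warnings are logged in MSBuild's standard format; the sample log lines, the limits and the function name Get-AnalyzerWarning are constructed for illustration.

```powershell
# Constructed sample of build output. In CI, read the real log instead, e.g.
# $log = Get-Content <path to the build output file>   (path is an assumption)
$log = @'
Controllers\HomeController.cs(25,13): warning SCS0005: Weak random number generator. [C:\src\Sample\Sample.csproj]
Controllers\HomeController.cs(25,13): warning SCS0005: Weak random number generator. [C:\src\Sample\Sample.csproj]
Controllers\HomeController.cs(10,5): warning SA1600: Elements should be documented [C:\src\Sample\Sample.csproj]
Services\UserService.cs(42,9): warning RCS1090: Add call to ConfigureAwait. [C:\src\Sample\Sample.csproj]
Startup.cs(7,1): warning CS0168: The variable 'ex' is declared but never used [C:\src\Sample\Sample.csproj]
'@ -split "`r?`n"

# Rule-ID prefix -> analyzer, using the prefixes listed in the usage guide.
$analyzers = [ordered]@{ SCS = 'Security Code Scan'; SA = 'StyleCop Analyzers'; RCS = 'Roslynator' }
# Hypothetical policy: any security finding blocks the merge; style rules get a budget.
$maxAllowed = @{ SCS = 0; SA = 50; RCS = 50 }

# file(line,col): warning ID: message [project]
$pattern = '^(?<file>.+?)\((?<line>\d+),(?<col>\d+)\):\s+warning\s+' +
           '(?<id>(?<prefix>[A-Za-z]+)\d+):\s+(?<msg>.*?)(\s+\[[^\]]+\])?$'

function Get-AnalyzerWarning {
    param([string[]]$Lines)
    $seen = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($l in $Lines) {
        if ($l -notmatch $pattern) { continue }
        # MSBuild repeats each warning in its end-of-build summary; count it once.
        $key = '{0}|{1}|{2}|{3}' -f $Matches.file, $Matches.line, $Matches.col, $Matches.id
        if ($seen.Add($key)) {
            [pscustomobject]@{
                Prefix  = $Matches.prefix.ToUpper()
                Id      = $Matches.id
                File    = $Matches.file
                Line    = [int]$Matches.line
                Message = $Matches.msg
            }
        }
    }
}

$warnings = @(Get-AnalyzerWarning -Lines $log)
$failed = $false
foreach ($prefix in $analyzers.Keys) {
    $count  = @($warnings | Where-Object Prefix -eq $prefix).Count
    $status = if ($count -gt $maxAllowed[$prefix]) { $failed = $true; 'FAIL' } else { 'ok' }
    '{0,-20} {1,3} warning(s), limit {2,3}  {3}' -f $analyzers[$prefix], $count, $maxAllowed[$prefix], $status
}
# A non-zero exit code makes the Jenkins step fail, which blocks the merge request.
if ($failed) { exit 1 }
```

With the sample input, the duplicated SCS0005 line is counted once, the compiler warning CS0168 is ignored because its prefix is not in the table, and the script exits with code 1 because the Security Code Scan limit is 0.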

Cake script does the following things

  • Build project
  • Run static code analyzers.
  • Output the warnings and Analyzers report in output file.

Running Cake Script on your local Windows machine

  • Check out the project on your local machine

  • Navigate to the folder /build

  • Open PowerShell in the build folder location and type ./build
    [Image: Running Cake Script]

  • The script will run and the results will be logged in a txt file in the output directory
    [Image: Completion]
    [Image: Results Folder]