Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the advantage to use the Microsoft.CodeAnalysis.FxCopAnalyzers nuget over the default Managed Binary Analysis ruleset?

I currently use the Managed Binary Analysis and it looks like the nuget adds the same rules (maybe less).

I also use this SonarQube plugin: https://github.com/SonarQubeCommunity/sonar-fxcop.

What is the nuget for exactly?

like image 979
Shay Avatar asked Apr 18 '17 13:04

Shay


People also ask

What is FxCop tool used for?

FxCop provides a tool to help developers to follow their company's coding standards. FxCop does code analysis to check whether the new code is compliant with the coding standards and naming conventions followed by the company. FxCop will ensure that the specified rules are used in the source code.

How do I turn off Microsoft Codeanalysis?

To open this page, right-click the project node in Solution Explorer and select Properties. Select the Code Analysis tab. To disable source analysis at build time, uncheck the Run on build option. To disable live source analysis, uncheck the Run on live analysis option.

How do I disable Roslyn?

You can also disable importing external Roslyn issues in your SonarCloud project settings under General Settings / External Analyzers / C# section / Ignore issues from external Roslyn analyzers .


1 Answers

I know this question is very old, but I recently had the same question and would like to provide my findings.

The .NET Compiler Platform ("Roslyn") analyzers offer the following advantages over the legacy FxCop static analysis of managed assemblies:

  • Violations also show up directly in the code editor, just like normal compiler warnings.
  • Violations show up live as you type, not only after builds.
  • Many of the rules also provide code fixes, offered as Visual Studio quick actions.
  • They are the future and will eventually replace static code analysis for managed code.

The Roslyn analyzers are available either as a NuGet package or a Visual Studio extension. I strongly recommend the NuGet package. It supports configuring the severity of each rule and failing the build if analyzers are set to severity "error". And of course it doesn't require each developer to install it manually.

Source and more information Overview of .NET Compiler Platform analyzers

like image 75
cremor Avatar answered Oct 06 '22 19:10

cremor