Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the advantage to use the Microsoft.CodeAnalysis.FxCopAnalyzers nuget over the default Managed Binary Analysis ruleset?

Tags:

.net

analyzer

fxcop

software-quality

I currently use the Managed Binary Analysis and it looks like the nuget adds the same rules (maybe less).

I also use this SonarQube plugin: https://github.com/SonarQubeCommunity/sonar-fxcop.

What is the nuget for exactly?

like image 979
Shay Avatar asked Apr 18 '17 13:04

Shay

People also ask

What is FxCop tool used for?

FxCop provides a tool to help developers to follow their company's coding standards. FxCop does code analysis to check whether the new code is compliant with the coding standards and naming conventions followed by the company. FxCop will ensure that the specified rules are used in the source code.

How do I turn off Microsoft Codeanalysis?

To open this page, right-click the project node in Solution Explorer and select Properties. Select the Code Analysis tab. To disable source analysis at build time, uncheck the Run on build option. To disable live source analysis, uncheck the Run on live analysis option.

How do I disable Roslyn?

You can also disable importing external Roslyn issues in your SonarCloud project settings under General Settings / External Analyzers / C# section / Ignore issues from external Roslyn analyzers .

1 Answers

I know this question is very old, but I recently had the same question and would like to provide my findings.

The .NET Compiler Platform ("Roslyn") analyzers offer the following advantages over the legacy FxCop static analysis of managed assemblies:

  • Violations also show up directly in the code editor, just like normal compiler warnings.
  • Violations show up live as you type, not only after builds.
  • Many of the rules also provide code fixes, offered as Visual Studio quick actions.
  • They are the future and will eventually replace static code analysis for managed code.

The Roslyn analyzers are available either as a NuGet package or a Visual Studio extension. I strongly recommend the NuGet package. It supports configuring the severity of each rule and failing the build if analyzers are set to severity "error". And of course it doesn't require each developer to install it manually.

Source and more information Overview of .NET Compiler Platform analyzers

like image 75
cremor Avatar answered Oct 06 '22 19:10

cremor
Sign in to Comment

Related questions

Why can't DateTime.ParseExact parse DateTime output?
(How) Does TPL use (CLR) Thread Pool?
About Code First Database Evolution (aka Migrations)
How do I draw an image based on a simple polygon?
Getting input from webcam
How to catch DB errors and translate them into meaningful information for the business layer?
Open huge TIF in .NET and copy parts to new image [closed]
How to unit test PostSharp aspects?
Using Ninjects InRequestScope() when selfhosting Web API
Cannot switch to managed thread in WinDbg
How to track if an async/awaitable task is running
Performance of Func<T> and inheritance
LayoutKind.Sequential not followed when substruct has LayoutKind.Explicit
"Unable to step. Process is not synchronized" error in VS2010 after upgrading .NET Framework
C# class library project dependency injection bootstrap
LINQ to SQL will not generate sargable query
Return error on invalid or expired token
After pressing Start in C# I am getting Source Not found Error at the beginning
DirectX from C# [closed]
Use Windows Authentication with OAuth 2.0

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!