IT:AD:FXCop

Summary

FXCop was a free standalone static analysis tool that checks .NET managed assemblies; it has since been folded into Visual Studio.

It is no longer available as a standalone product.

It checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.

It inspects assemblies for more than 200 different possible violations in the following areas:

  • COM (Interoperability)
  • Design
  • Globalization
  • Naming (types, members, parameters, namespaces, assemblies naming).
  • Performance – rules that detect elements in your assemblies that will degrade performance.
  • Security – although CA2010 does look for SQL Injections, the checks are to be taken as only a starting point.
  • Usage
  • Maintainability
  • Portability
  • Reliability (memory/thread usage).

Alternatives

IT:AD:Microsoft Code Analysis Tool (CAT.NET) was an option – but it's no longer maintained.

Same for IT:AD:Gendarme.

IT:AD:CodeIt.Right offers a commercial engine that appears to offer the same functionality (meet MS Guidelines) and more.

Security

FXCop was originally focused more on meeting development standards and guidelines than security 1).

That said, it does some work looking for SQL Injection.

Resources