使用 VS 2010 Professional 进行 .NET 4.0 静态代码分析 (FxCop)
我有 VS 2010 Professional(与 Premium 不同,不包括在 IDE 中访问代码分析配置)和 C# 4 解决方案包含数十个项目。我想将静态代码分析作为解决方案编译的一部分。
我在 SO 和 Google 的帮助下确定的可能方法是:
编辑解决方案中的每个
.csproj,以包含对独立 FxCop 10 的调用作为构建后事件。优点:每个重建项目的每次编译都会发生。缺点:必须采取额外措施来确保新项目具有此指定创建一个新项目,或识别一个现有项目,由于其项目依赖性,该项目始终是最后构建的。 (仅)为该项目提供一个构建后事件,该事件在(公共)输出文件夹中的所有程序集上运行 FxCop。优点:只需更新一个文件,并且未来项目未经分析的可能性较小。缺点:构建依赖关系的变幻莫测可能意味着这实际上不起作用
使用在任何构建后运行 FxCop 的加载项或宏来更新所有开发人员的 VS 实例。根本不喜欢这个想法。
还有其他明显比上述任何选项更好的选择吗?为了使上述一项工作正常进行,我需要注意什么注意事项或观察结果吗?
我还希望 FxCop 作为 MSBuild 4.0 支持的构建的一部分在构建服务器上运行。哪些选项允许我在桌面编译和 bulid 服务器编译之间重用代码分析规则集?
我已经阅读了相关但不相同的现有问题,包括:
- FxCop for .NET 4.0 询问“独立的 FxCop 是否可用?”
- FxCop on build (Visual Studio 2008 Professional) 这是关于一个项目
- 如何集成 FxCop 和 VS 2008? 这是关于制作 FxCop - 可临时调用,在上下文菜单上单击
I have VS 2010 Professional (which, unlike Premium, does not include access to Code Analysis configuration within the IDE), and a C# 4 solution containing many-dozen projects. I want to do static code analysis as part of solution compilation.
The possible ways I have identified with the help of SO and Google are:
Edit every
.csprojin the solution to include an invocation of the stand-alone FxCop 10 as a Post-build event. Pros: happens on every compile for every project that is rebuilt. Cons: Have to take additional measures to ensure new projects have this specifiedCreate a new project, or identify an existing project, that is always built last, on account of its project dependencies. Give (just) that project a Post-build event that runs FxCop on all the assemblies in the (common) output folder. Pros: only one file to update, and less possibility of future projects going unanalysed. Cons: The vagaries of build dependencies might mean this doesn't actually work
Update all developers' VS instances with an add-in or macro that runs FxCop after any build. Don't really like this idea at all.
Are there any other options, that are clearly better than any of the above? Are there any caveats or observations I need to be aware of to make one of the above work?
I also want FxCop to be run as part of a MSBuild 4.0-powered build on a build server. Which of the options will allow me to reuse code analysis rulesets between desktop compilation and bulid server compilation?
I have already read related but non-identical already-existing questions including:
- FxCop for .NET 4.0 which asks 'is the stand-alone FxCop available yet?'
- FxCop on build (Visual Studio 2008 Professional) which is about a single project
- How to integrate FxCop and VS 2008? which is about making FxCop-invocation available ad hoc, on a context menu click
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
要将 FxCop 集成为构建脚本 (MSBuild) 的一部分,我使用 MSBuild.Community.Tasks 中的 FxCop 任务。我使用 FxCop 创建一个 FxCop 项目 (FxCopProject.FxCop),它定义要使用的规则和要检查的程序集。
To integrate FxCop as part of the build scipt (MSBuild) I use the FxCop task from MSBuild.Community.Tasks. Using FxCop I create an FxCop project (FxCopProject.FxCop) that defines the rules to use and the assemblies to examine.
我使用 Hudson 作为构建服务器,它将在构建 .NET 应用程序后执行代码分析。为了将其用于此目的,您需要安装两个插件:
Hudson 需要配置为执行 FxCop 和 StyleCop,但这使用批处理文件并不困难。好处是不需要配置任何项目文件,因为代码分析将在外部执行;也就是说,不通过 Visual Studio。
您可以将 Hudson 配置为将代码分析作为日常任务,甚至在应用程序的每次更改时执行。然后,您的开发团队中的每个人都可以通过 Hudson 查看代码分析结果,以确定他们是否存在任何违规行为。
I have used Hudson as a build server that would perform code analysis after building .NET applications. In order to use it for this purpose, you will need to install two plugins:
Hudson would need to be configured to execute FxCop and StyleCop, but this isn't very difficult to do using batch files. The benefit is that none of your project files would need to be configured, as the code analysis would be performed externally; that is, not through Visual Studio.
You can configure Hudson to perform the code analysis as a daily task or even on every change to your applications. Then everyone on your development team could view the code analysis results through Hudson to determine whether they've made any violations.
我已经有一段时间没有使用 FxCop 了,但如果您有很多项目,我怀疑为每个项目运行一次,而不是在最后运行一次,会很痛苦。您可以尝试(或至少从)类似 this< /a>.简而言之,您有一个 uber 项目,其目标取决于构建整个解决方案,然后运行 FxCop(或单元测试等)。您可以使用解决方案资源管理器中的批处理文件调用 uber 项目。
它与您的第二个建议类似,但不会对构建顺序有任何依赖,并且不需要摆弄新项目。不幸的是,它当前的版本打破了从 VS 内部构建的正常快捷方式,并且可能很容易意外绕过,但也许可以对其进行改进。
使用 MSBuild 目标来运行 FxCop,而不是构建后步骤,也可能更干净、更好地与 VS 集成。
I've not used FxCop for a while, but if you have lots of projects, I suspect running it once for each project, rather than just once at the end, is going to be painful. You could try (or at least start from) something like this. In a nutshell, you have an uber-project, with targets that depend on building your entire solution, followed by running FxCop (or unit tests, etc.) You invoke the uber-project using a batch file from the Solution Explorer.
It's similar to your second suggestion, but won't have any dependence on the build order, and doesn't require fiddling with new projects. Unfortunately its current incarnation breaks the normal shortcuts for building from within VS, and it'll probably be easy to bypass accidentally, but it might be possible to refine it.
It might also be cleaner and better integrated with VS to use an MSBuild target for running FxCop, rather than a post-build step.
FxCop 的替代方法是使用 NDepend 工具,该工具可以让您编写 C# LINQ 查询(即 CQLinq )。 免责声明:我是该工具的开发人员之一
超过200条代码规则 是默认建议的。借助众所周知的 C# LINQ 语法,自定义现有规则或创建自己的代码规则非常简单。
可以在 Visual Studio 中实时验证规则,并在构建过程中在 生成的 HTML+javascript 报告。
An alternative to FxCop would be to use the tool NDepend that lets write Code Rules over C# LINQ Queries (namely CQLinq). Disclaimer: I am one of the developers of the tool
More than 200 code rules are proposed by default. Customizing existing rules or creating your own code rules is straightforward thanks to the well-known C# LINQ syntax.
Rules can be verified live in Visual Studio and at Build Process time, in a generated HTML+javascript report.
创建自定义构建活动(根据我们通过构建定义设置的属性运行):
更新所有 csproj 文件以添加属性“
true
保存 csproj 文件。
这意味着我们可以控制何时需要运行代码分析,我们不必每次构建代码时都运行它,
只需了解您没有高级 VS,但您可以按照相同的过程来更新。 csproj 文件在构建期间的构建事件后。
Create a custom build activity (which runs based on a property we set via the build definition):
Updates all the csproj files to add the property "
true
Save the csproj file.
This means that we have control over when the code analysis need to be run or not. We dont have to run it everytime we build the code.
Just read that you dont have the premium VS, but you can follow the same process to update the csproj file post build event during build time.
我知道这是一个老问题,但我认为最好的选择是使用 SonarQube 和 C# 插件来进行分析。这将 FxCop 作为分析选项之一,并且能够进行 StyleCop 和 ReSharper 分析(使用免费的命令行运行程序)并编译到一个 Web 界面中。
设置第一个项目确实需要一些时间,但设置后续项目非常相似,并且可以由 CI 服务器触发。
I know this is an old question but the best option IMO is to use SonarQube with the C# plugin to do your analysis. This handles FxCop as one of the analysis options as well as being able to do StyleCop and ReSharper analysis (using the free command-line runner) and compiles into one web interface.
It does take a little while to setup the first project but setting up subsequent projects is very similar and can be triggered by your CI server.