Saturday, June 4, 2022

Azure DevOps - Static Code Analysis

Static Code Analysis

The Code Analysis feature of Visual Studio performs a static code analysis to help developers identify potential design, globalization, interoperability, performance, security, and a host of other categories of potential problems. Code Analysis can be run manually at any time from within the Visual Studio IDE, or even set up to automatically run as part of a Team Build or check-in policy for Azure DevOps Server.

Below are the steps to Add static code Analysis to your Azure Pipeline using Visual studio

  • Open Visual Studio and Create an Aspnet core project (sample project).
  • In Tools--->NuGetPackage Manager-->Manage NuGet Packages for Solution.
  • In the Browse tab search for FxCop and from the list select Microsoft.CodeAnalysis.FxCopAnalyzer
  • On the right-hand side, the Window, select your project name and Install it.
  • Build your solution Build--->Build Solution
  • Now select View--->Error list
  • In the Dependencies tab in solution Explorer select Microsoft.CodeAnalysis tool and check the Diagnostic Properties which shows the default severity value.
  • In the Messages tab, you will find some warnings related to the code analysis.
  • Create an Azure Repo (say StaticCodeAnalysis) in Azure DevOps.
  • Add the HTTPS URL of this repo in the project git repository's remote reference (Git-->Manage Remotes..) in your solution.
  • Create an Azure pipeline and select Azure Repo(StaticCodeAnalysis) and AspNetCore platform and Run the pipeline.


Post a Comment