
Integration of VS code analysis results?


Integration of VS code analysis results?

Elger Jonker
Hi all,

We've seen that Visual Studio has its own tool called "Code Analysis". Wouldn't it be great if the C# ecosystem was enriched by the output of Microsoft's own Code Analysis tool?

It includes sections on secure coding for all visual languages (C++, C# etc)

Regards,
Elger


Re: Integration of VS code analysis results?

Fabrice Bellingard-4
Hi Elger,

Do you know if it's possible to execute this tool in a headless mode and if it can produce (XML) reports? Because these are 2 requirements if we want to create a plugin for it.
And if it is possible to execute it in headless mode, we must also make sure that the command line is configurable enough to pass it a customized ruleset file that describes the checks to execute along with personalized parameters. 


Best regards,

Fabrice BELLINGARD | SonarSource
http://sonarsource.com




Re: Integration of VS code analysis results?

Elger Jonker
Hey Fabrice,

First, there is "code metrics". This might be included in a next release.

Then, there is CAT.net, which claims to find security problems in your assemblies from the command line:

But the real thing is:

I cannot find a command line tool that runs the phoenix rules. Maybe when the DLLs are used in FXCop?

Regards,
Elger



Re: Integration of VS code analysis results?

Fabrice Bellingard-4
On Mon, Jul 2, 2012 at 12:02 PM, Elger Jonker <[hidden email]> wrote:
> Hey Fabrice,
>
> First, there is "code metrics". This might be included in a next release.

Well, we don't need this first tool, as we have our own parser that knows how to compute metrics (and which we can extend if some useful metrics are missing).

> Then, there is CAT.net, which claims to find security problems in your assemblies from the command line:

OK, should look if it is available as a command line tool.

> But the real thing is:
>
> I cannot find a command line tool that runs the phoenix rules. Maybe when the DLLs are used in FXCop?

If this can be executed using FxCop engine, that would be straightforward. Who wants to give it a try? ;-)

> Regards,
> Elger

