In Software Development lifecycle, Code Quality plays an integral role. The earlier we identify issues in the process, the easier and cheaper it is to address them. Using Static Code Analysis, developers can get an early feedback for their code changes.
Static Code Analysis is a collection of rules to analyze your source code at compile time to identify potential vulnerabilities, bugs, anti-patterns, refactoring and poor coding practices. It is a great way to automate your code review process, ensure that coding standards are followed and ensure a high quality product.
During the past month, I have been blogging about SonarQube – an open source static code analysis tool. We recently started using SonarQube in our projects to ensure high code quality, automate our code review process and also manage our technical debt.
In this article, I will provide an overview on another very popular and powerful Static Code Analysis tool – NDepend.
The best thing about NDepend is the ease with which you can get started and the excellent documentation available in their website. There are online videos, tutorials, screenshots, step by step explanations and you cannot go wrong with it.
Installing the NDepend extension for Visual Studio 2017 and analyzing one of my .NET applications took me not more than 10 min – that’s how simple it was!
You can use NDepend v2017.3 to perform static code analysis on a .NET Core, ASP.NET Core or .NET Standard Visual Studio project.
As a developer, you do not want to add a number of extensions causing your IDE to slow down, right?
Even though I love using ReSharper and NCrunch in my day to day work, I hate the fact that they make the Visual Studio IDE so much slower. I have not seen NDepend slowing down Visual Studio and causing any performance issues till this point of time and it seems to be pretty fast.
The NDepend Dashboard summarizes all your project information to one screen — debt, complexity, issues, coverage, rules, quality gate. Clicking on any value you can drill down to the details of the data.
There are more than 150 code rules that are executed against the code base and all the instances are neatly grouped and displayed to the user. Once you click on the rules, you will be navigated to the exact instances in the code which has the issue and needs to be addressed. There is also guidance on the rule details and how to fix the issues.
You can integrate NDepend to your TFS CI/CD process by leveraging a VSTS extension and adding it to your build definition. You can also define a Quality Gate for your project, and fail the build when code quality is not met.
You can generate a detailed HTML report for your project containing summary of the static code analysis result for your application, including lot of visualizations like Trend Analysis, Dependency Graphs, Code Coverage, Application Metrics and more.
Conclusion –
Tools like NDepend are an easy way to identify anti-patterns in your code base and keep your technical debt in check. This blog is supposed to be just an overview of the tool, and I highly recommend you to give it a shot and leverage its benefits and lots of other features.
Thanks to Patrick for providing me with a license of the tool to try out for my .NET applications and blogging/presentation purpose. I have been using it for few of my community projects over the last 1 week and it has given me lot of useful insights into the code smells and overall quality of the product. Like most professional tools in market, this is not a free tool. But you can download a free trial here and determine if it can be beneficial for your project.
SonarQube – Issues with Cyclomatic Complexity Metrics 
SonarQube – Setting up Quality Gates in your application 
SonarQube – Rejecting Code Check-in when Quality Gates are not met 
SonarQube 6.5 – Code Coverage Result is not displayed 
samirbehara 
Leave a Reply