We've seen that Visual Studio has its own tool called "Code Analysis". Wouldn't it be great if the C# ecosystem was enriched by the output of Microsofts own Code Analysis tool?
It includes sections on secure coding for all visual languages (C++, C# etc)
Do you know if that's possible to execute this tool in a headless mode and if it can produce (XML) reports? Because these are 2 requirements if we want to create a plugin for it.
And if it is possible to execute it in headless mode, we must also make sure that the command line is configurable enough to pass it a customized ruleset file that describes the checks to execute along with personalized parameters.
On Mon, Jul 2, 2012 at 9:48 AM, Elger Jonker <[hidden email]> wrote:
Hi all,
We've seen that Visual Studio has its own tool called "Code Analysis". Wouldn't it be great if the C# ecosystem was enriched by the output of Microsofts own Code Analysis tool?
It includes sections on secure coding for all visual languages (C++, C# etc)
I cannot find a command line tool that runs the phoenix rules. Maybe when the DLL's are used in FXCop?
Regards,
Elger
On Mon, Jul 2, 2012 at 11:34 AM, Fabrice Bellingard <[hidden email]> wrote:
Hi Elger,
Do you know if that's possible to execute this tool in a headless mode and if it can produce (XML) reports? Because these are 2 requirements if we want to create a plugin for it.
And if it is possible to execute it in headless mode, we must also make sure that the command line is configurable enough to pass it a customized ruleset file that describes the checks to execute along with personalized parameters.
On Mon, Jul 2, 2012 at 9:48 AM, Elger Jonker <[hidden email]> wrote:
Hi all,
We've seen that Visual Studio has its own tool called "Code Analysis". Wouldn't it be great if the C# ecosystem was enriched by the output of Microsofts own Code Analysis tool?
It includes sections on secure coding for all visual languages (C++, C# etc)
Well, we don't need this first tool, as we have our own parser that knows how to compute metrics (and which we can extend if some useful metrics are missing).
Then, there is CAT.net, which claims to find security problems in your assemblies from the command line:
I cannot find a command line tool that runs the phoenix rules. Maybe when the DLL's are used in FXCop?
If this can be executed using FxCop engine, that would be straightforward. Who wants to git it a try? ;-)
Regards,
Elger
On Mon, Jul 2, 2012 at 11:34 AM, Fabrice Bellingard <[hidden email]> wrote:
Hi Elger,
Do you know if that's possible to execute this tool in a headless mode and if it can produce (XML) reports? Because these are 2 requirements if we want to create a plugin for it.
And if it is possible to execute it in headless mode, we must also make sure that the command line is configurable enough to pass it a customized ruleset file that describes the checks to execute along with personalized parameters.
On Mon, Jul 2, 2012 at 9:48 AM, Elger Jonker <[hidden email]> wrote:
Hi all,
We've seen that Visual Studio has its own tool called "Code Analysis". Wouldn't it be great if the C# ecosystem was enriched by the output of Microsofts own Code Analysis tool?
It includes sections on secure coding for all visual languages (C++, C# etc)
Locked
