What static analysis tools are there for C#?

Time: 2022-01-28 12:50:10

What tools are there available for static analysis against C# code? I know about FxCop and StyleCop. Are there others? I've run across NStatic before but it's been in development for what seems like forever - it's looking pretty slick from what little I've seen of it, so it would be nice if it would ever see the light of day.

Along these same lines (this is primarily my interest for static analysis), tools for testing code for multithreading issues (deadlocks, race conditions, etc.) also seem a bit scarce. Typemock Racer just popped up so I'll be looking at that. Anything beyond this?

Real-life opinions about tools you've used are appreciated.

9 solutions

#1


323  

Code violation detection Tools:

  • FxCop, excellent tool by Microsoft. Checks compliance with .NET Framework guidelines.

    Edit October 2010: No longer available as a standalone download. It is now included in the Windows SDK and after installation can be found in Program Files\Microsoft SDKs\Windows\ [v7.1] \Bin\FXCop\FxCopSetup.exe

    Edit February 2018: This functionality has now been integrated into Visual Studio 2012 and later as Code Analysis

  • Clocksharp, based on code source analysis (to C# 2.0)

  • Mono.Gendarme, similar to Fxcop but with an opensource licence (based on Mono.Cecil)

  • Smokey, similar to FxCop and Gendarme, based on Mono.Cecil. No longer in development; the main developer works with the Gendarme team now.

  • Coverity Prevent™ for C#, commercial product

  • PRQA QA·C#, commercial product

  • PVS-Studio, commercial product

  • CAT.NET, Visual Studio add-in that helps identify security flaws

  • CodeIt.Right
  • Spec#
  • Pex

Quality Metric Tools:

  • NDepend, great visual tool. Useful for code metrics, rules, diff, coupling and dependency studies.

  • Nitriq, free, can easily write your own metrics/constraints, nice visualizations. Edit February 2018: download links now dead.

  • RSM Squared, based on code source analysis

  • C# Metrics, using a full parse of C#

  • SourceMonitor, an old tool that occasionally gets updates

  • Code Metrics, a Reflector add-in

  • Vil, old tool that doesn't support .NET 2.0. Edit January 2018: Link now dead

Checking Style Tools:

  • StyleCop, Microsoft tool ( run from inside of Visual Studio or integrated into an MSBuild project). Also available as an extension for Visual Studio 2015 and C#6.0

  • Agent Smith, code style validation plugin for ReSharper

Duplication Detection:

  • Simian, based on source code. Works with plenty of languages.

  • CloneDR, detects parameterized clones only on language boundaries (also handles many languages other than C#)

  • Clone Detective, a Visual Studio plugin. (It uses ConQAT internally)

  • Atomiq, based on source code, plenty of languages, cool "wheel" visualization

General Refactoring tools

  • ReSharper - Majorly cool C# code analysis and refactoring features

#2


7  

The tool NDepend is quoted as Quality Metric Tools but it is pretty much also a Code violation detection tool. Disclaimer: I am one of the developers of the tool.

With NDepend, one can write Code Rules over LINQ Queries (what we call CQLinq). More than 200 CQLinq code rules are proposed by default. The strength of CQLinq is that it is straightforward to write a code rule and get results immediately. Facilities are proposed to browse matched code elements. For example:

Besides that, NDepend comes with many other static-analysis-like features. These include:

#3


1  

  • Gendarme is an open source rules based static analyzer (similar to FXCop, but finds a lot of different problems).

  • Clone Detective is a nice plug-in for Visual Studio that finds duplicate code.

  • Also speaking of Mono, I find the act of compiling with the Mono compiler (if your code is platform independent enough to do that, a goal you might want to strive for anyway) finds tons of unreferenced variables and other Warnings that Visual Studio completely misses (even with the warning level set to 4).

#4


1  

Have you seen CAT.NET?

From the blurb -

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.

I used an early beta and it did seem to turn up a few things worth looking at.

#5


0  

Aside from the excellent list by madgnome, I would add a duplicate code detector that is based off the command line (but is free):

http://sourceforge.net/projects/duplo/

#6


-1  

Klocwork has a static analysis tool for C#: http://www.klocwork.com

#7


-1  

I find the Code Metrics and Dependency Structure Matrix add-ins for Reflector very useful.

#8


-1  

Optimyth Software has just launched a static analysis service in the cloud: www.checkinginthecloud.com. Just securely upload your code, run the analysis and get the results. No hassles.

It supports several languages including C#. More info can be found at wwww.optimyth.com

#9


-1  

Axivion Bauhaus Suite is a static analysis tool that works with C# (as well as C, C++ and Java).

It provides the following capabilities:

  • Software Architecture Visualization (including dependencies)

  • Enforcement of architectural rules e.g. layering, subsystems, calling rules

  • Clone Detection - highlighting copied and pasted (and modified) code

  • Dead Code Detection

  • Cycle Detection
  • Software Metrics
  • Code Style Checks

These features can be run on a one-off basis or as part of a Continuous Integration process. Issues can be highlighted on a per project basis or per developer basis when the system is integrated with a source code control system.
