Checking out NDepend: a static code analysis tool for .NET
NDepend is a static code analysis tool (SAST) for .NET. NDepend will analyze your code for code smells, best practices, complexity, dead code, naming conventions, and much more.
NDepend will give you insight into the overall quality of your code base and provide you a quantitative indicators for technical debt, complexity, amount of code commented, and more.
NDepend will provide trend graphs to visualize your progress over time. Ndepend also contains other visualizations such as dependency graphs.
Taking NDepend for a spin #
First, you have to attach NDepend to your .NET solution in Visual Studio. Type "NDepend" into the general search box (Ctrl+Q) and locate the "Attach New NDepend Project to Current VS Solution".
A modal will appear prompting you to select the desired projects. By default it will filter out projects containing 'test' in the project name. Click 'Analyze X .NET Assemblies'.
NDepend will now analyze your code and show a dashboard within seconds.
The dashboard contains a lot of metrics about your project. Most importantly, investigate and remediate any Critical or Violated Rules to decrease your technical dept and increase your rating. Click on the violated rules.
You are greeted with a list of suggestions to improve your code base. The same dashboard can be viewed inside of Visual Studio which is more useful. In Visual Studio the NDepend will help you navigate to the specific location where the violation is detected.
NDepend will also help you suppress the violation in case you want to.
There's a lot of technologies in .NET that will generate code for you and often contain violations. You should suppress auto-generated code from NDepend. NDepend uses CQLinq (Code Query LINQ) for querying which code to analyze. Instead of suppressing generated code using SuppressMessage-attributes for specific areas of code, you can modify the CQLinq queries to filter out which code is evaluated at a larger scale.
NDepend proposes some default notmycode query to define the JustMyCode code base view and avoid getting violations on generated code. Learn more about filtering out 'notmycode'.
Adding NDepend to continuous integration tools #
NDepend has pre-built integration with many continuous integration (CI) tools such as Azure DevOps, Jenkins, Bamboo, and more. You can add an NDepend task to your Azure Pipelines and view the dashboard inside of Azure DevOps.
Putting NDepend in your CI environment is incredibly helpful to track the code quality and health of your project in a central place. NDepend will keep track of your results over time and visualize how you and your team are improving.
Conclusion #
NDepend is a very powerful tool for .NET teams to measure and improve code bases. It can detect a large amount of issues in your code very fast and provide visualizations of your dependencies.
You can integrate it with your build pipelines and see how your code is improving over time.
Learn more about NDepend here:
