Welcome to Static Code Analysis with NDepend
Static code analysis is an operation performed by specialized tools like NDepend on the source code of a product before running or releasing it. It helps the developer, or the whole team working on the product, ensure that the source code is compliant with the standard rules for clean, secure, readable and reliable code defined by the tool and the team behind it, or with custom rules defined by the team itself.
Whatever your level of experience, when writing code there is always a chance of writing a piece of code that either has a vulnerability that will affect the flow of the app at runtime, or works fine but is not maintainable and could lead to untestable code at later stages of development. This is where static code analysis tools come into play: they scan your source code after build operations and generate very detailed reports about how your code is doing and what could be done to make it robust and efficient. A static code analyzer does not only report rule satisfaction and violations. Tools like NDepend provide a set of other utilities and features, like the Dependency Graph Explorer and advanced metrics. Such features help in understanding the overall solution and the projects inside it, how they work together, and statistics that show how the team is progressing and improving. In this article I will share my review of the static code analysis giant NDepend as a .NET developer, and explore in detail some great features that I personally use for some of my products. So, let's get started.
What is NDepend
In a nutshell, NDepend is a static code analyzer tool for .NET developers and architects. NDepend offers a complete experience, from being fully embedded within Visual Studio 2022, 2019, 2017 to 2010 to its full integration with CI/CD utilities like Azure DevOps (my favorite). It also has a separate app that can be used by developers who use Visual Studio Code as their IDE and code editor. NDepend analyzes all kinds of apps built on top of .NET 6.0, .NET 5.0, .NET Core, .NET Framework 4.x, ASP.NET Core, Blazor, Xamarin, Unity, and UWP.
Get Started With NDepend
NDepend offers a 14-day free trial of their product, which is more than enough to discover the product. You can get your license from Download NDepend. The setup process is fairly easy and it takes less than 5 minutes to onboard your project. After you receive your license, you will receive a set of well-explained steps that you can follow to activate it. After that, you install the Visual Studio extension from NDepend - Visual Studio Marketplace or directly from the Visual Studio Extensions menu, and it will be up and running in a few clicks. Now, let's discover how you can onboard your project and explore some of NDepend's most powerful features.
A - Onboard Your .NET Project to NDepend
To start analyzing your project using NDepend, all you have to do is follow these two simple steps:
1- From the Extensions menu choose NDepend and then click on Attach New NDepend Project to Current VS Solution
2- You will see a popup with all the configurations, filters and everything else you need to set up. To get started quickly you can just click on the Analyze single .NET Assembly button, and NDepend will start doing its magic
That's it!! 🤩 As simple as that. Now, depending on the size of your project, you have to wait until the full analysis is done. For small projects it usually takes less than a minute, but it depends on how many projects are in the solution, the size of your code, etc. After it fully finishes it will show you some options, like Open Dashboard, report on the web, etc. You can open the NDepend Dashboard and see what's there.
B - NDepend Dashboard
NDepend offers an extensive interactive dashboard that gives you an easy-to-understand overview of many things going on in your code. It has a simple UI, and it allows you to navigate to more details about anything you click. As you can see in the screenshot above, at first look you can see the size of your code, such as how many lines it has and how many were added or removed since the latest analysis. It also shows you visually, using green, red, and yellow, how your code is doing: how many rules you followed, how many rules you ignored, and how many issues were detected. The dashboard also has useful statistics like Method Complexity, lines of comments in your code, and many others you can discover that help you detect issues and make your code more robust and efficient.
In the next part we will see one of the greatest features in NDepend, which is the Rules.
C - NDepend Rules
NDepend has another powerful engine, which is the rules: they are what your code is analyzed against. NDepend comes with a huge variety of rules that cover many areas in your code like Code Smells, Object Oriented Design, Architecture, Dead Code, and the list goes on. You can discover all of them either from Visual Studio by clicking on the Extensions menu => NDepend => Rules Explorer, or you can use the NDepend Rules Explorer web portal, where you can find extensive documentation about each rule: NDepend Rules Explorer Web Portal. Following the rules exactly, with their severity, after each analysis ensures, based on what I have seen in my projects, super clean, efficient, readable, maintainable, and easy-to-understand code. A simple example: if your method is not commented well, you are going to see a warning about that; if your method is long, NDepend will notify you and suggest what you can do about it. This is in addition to hundreds of other rules that cover simple and complex scenarios in your code and guarantee the highest quality possible.
As a side note, NDepend rules help junior developers become much better ones, because the rules are written against industry standards and best practices, and each rule has extensive documentation that explains carefully why it's there and how to satisfy it in the best way possible. For experienced engineers, on the other hand, it also teaches you many new things, and most importantly it keeps you focused on having the best code possible, because sometimes I write a function with comments and very readable, and other times I write it so quickly and move on, then I forget to come back to it. But NDepend always has the dashboard, reports, rules and issues portal, where it reminds you to keep your code at the highest level of quality possible.
The next screenshot shows how each rule is documented with all the reasons why the rule is important and how you can avoid violating it:
As a sub-feature under the rules, NDepend provides the capability to write your own rules or customize the existing ones. All those rules are built using LINQ queries, which makes it easy to build or customize them. Whether you are a standalone developer or a team leader, custom rules allow you to define your own coding rules, and you and your team will see in the reports whether all your code is aligned with them. Such a feature is super powerful in companies where new employees are always joining, since teaching the newcomers all the rules is a tough and time-consuming process. With the rules defined in NDepend, they will be able to see reports, and NDepend will automatically suggest what they need to change to keep the code compliant with the company's rules.
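To make the "rules are LINQ queries" point concrete, here is a sketch of what a team-defined rule could look like, combining the two simple cases mentioned earlier (a long method and a method without comments). It is an added example, not taken from NDepend's shipped rule set or from my own projects; the rule name and the thresholds are assumptions a team would replace with its own limits.

```csharp
// <Name>Public methods that are long and uncommented (team rule)</Name>
// Constructed example: the rule name and both thresholds are placeholders.
warnif count > 0
from m in JustMyCode.Methods            // skips generated code
where m.IsPubliclyVisible               // part of the surface other code calls
   && m.NbLinesOfCode > 30              // "method is long"
   && m.NbLinesOfComment == 0           // "method is not commented"
orderby m.NbLinesOfCode descending      // worst offenders first
select new { m, m.NbLinesOfCode, m.CyclomaticComplexity, m.NbParameters }
```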
D - Dependency Graph
My other favorite feature is the dependency graph. NDepend provides a high-level to low-level view of how your app components (projects, classes, etc.) are related to and dependent on each other, using an amazing visual tool that presents them with colors and visualizations that let you understand all the relationships at a glance. The previous screenshot shows how the projects in my solution reference each other, and if you click on any of them, NDepend will highlight it with its dependencies in an easy-to-understand fashion. If you zoom in on the graph you can see the relationships and the dependencies at the level of classes, interfaces, and more, as shown below:
If you open an already built project for the first time, the Dependency Graph is the easiest and shortest way to understand the components overall and how the projects are related to each other before you dive deep into the code, so this utility saves you hours of understanding and brain analysis.
E - Azure DevOps integration
The last feature I want to talk about in NDepend is the integration with Azure DevOps, because Azure DevOps is my favorite CI/CD utility, and I'm using it in my work in addition to my open-source project for build and release pipelines. NDepend supports a super powerful and simple integration that you can set up for your organization in less than 2 minutes, as shown below:
1- Add the Code Quality NDepend extension to your DevOps organization from Code Quality NDepend for Azure DevOps, TFS 2017 and TFS 2018
2- After installing the extension, you can activate your license by opening any project in your Azure DevOps organization, choosing NDepend from the Overview menu item on the left-hand side, and following the steps to set up your Pro license or obtain a 28-day free trial one
It's as simple as that to add it to your Azure DevOps. The next stage is to add the NDepend task to your build pipeline after your build task, as shown below.
Simple, huh? 😉 By just doing this, whenever your pipeline gets built, a full report will show up in your project dashboard that can be seen by all team members, and then it is clear to everyone (juniors and seniors) what the next step is in making this codebase better, with higher quality. The following image is the dashboard provided by NDepend in the Azure DevOps project. Like the Visual Studio dashboard, it has the same metrics and the same indicators, with an even better design.
In addition to the dashboard, you can see all the rule violations existing in your code in the Issues/Debit and Rules tabs as the following screenshot shows:
For teams, there are also the Metrics and the Trends tabs, which are important for indicating how the code is growing from build to build and how the code quality is improving. When every build shows more comments overall, fewer rule violations reported, and a higher Coverage percentage, that means the team is going in the right direction and the experience is growing.
My Personal Thoughts
NDepend offers more than what I have shared with you, but those are the most important features to me. For open-source projects, especially big ones, the Dependency Graph is always the key to understanding exactly how the project is structured, and sometimes it really saves you long hours and days of discovering other people's code. The feature I use the most is the DevOps integration. I'm a big Azure DevOps fan and use it for work and personal projects. While writing code I focus on small business tasks and try to follow the best practices as much as I can, keeping my focus on the task itself more than the rules. After I finish, create a Pull Request and get my business goal achieved, I wait for the build pipeline to finish, then check the dashboard on DevOps and the rules I violated, then make another trip to my code to resolve them. In that way, NDepend gives you everything you need to keep your code great and collaborative, because anyone else can join easily and understand it, and also because it's clean, reviewed code, which means it lives longer, so less refactoring in the days ahead.