by Hamid Mosalla | .Net, C#, Visual Studio in , , , ,

NDepend 2018 Review: A Flexible Static Analyzer

NDepend is an static analyzer which can provide various useful information about the quality of the code base. With its built in rules, it calculates how much technical debt the project is in, and estimate how many hours it takes to pay them.

For the first time users, the UI might be a little overwhelming, but that all depends on who is the target user of this product. I think it can be used by anyone, but mostly it’s suitable for highly advanced developer that work on big projects and enterprises. But that doesn’t mean smaller organizations can’t benefit from it. That’s because it is highly customizable. You can create your own code query and define how much technical debt not following that rule will incur.

It can be used out of the box, but it should be customized to truly fit your needs. NDepend comes as both independent executable and Visual Studio extension. You can also integrate it into continuous integration servers. In this post I’m going to share my experience using it, I’ll specifically concentrate on features related to analysis. But it has other features such as Diff tool, dependency graph, ability to load code coverage file etc. Also worth to note thanks to NDepend team, I received a license free of charge, but it will not effect my opinion.

NDepend First Glance

When we first analyze the code base, it shows us a lot of information about different aspect of our project.

Here we can see different statistics about our code base such as how many lines of code written, how many methods etc. We also see the amount of technical debt that our code base has and must be paid. The amount and severity of technical debt or a problem defined in rule files. Rules define if a problem considered to be a minor problem or a severe one. When you click on violated rules for example, we go to the list and description of all the rules that are violated. If we click on any rule, we then navigated to code that have this issue, and after that we can click the construct that has issue and we navigate to it.

There’s also a Visual Studio extension with all this features that makes it easier to use NDepend with Visual Studio.

NDepend Vs Other Analyzers?

I’ve used different static analysis tools such as Resharper’s on-the-fly code inspections, StyleCop etc. But they are not as flexible and customizable as NDepend. Also for the most part, the default rules in NDepend is not overlapping by rules of Resharper and StyleCop. That means it’s a perfect choice to use alongside Resharper. That means you get different perspective on how you can improve you code. Most important difference is that rules of NDepend look at the code base at a higher level then something like Resharper. Kind of like Resharper shows you the tree but NDepend shows you the jungle.

Also it is very fast with its analysis and analyzing a big solutions doesn’t create much of a problem. So it’s a good combination to use with other analyzers and it can significantly increase the quality of the code base. It’s specially useful for big projects, for example code review for big projects becomes increasingly more difficult. But with NDepend we can create the rules that we care about by using CQLinq and execute them against our solution.

NDepend Technical Debt Estimation

One other feature of this analyzer is estimating the amount of time needed to pay the technical debt.

So now we have an estimate amount about how much time we should put into the project to pay these debts. Also we can do the technical debt analysis before we check in our code so technical debts doesn’t accumulate.

NDepend Cusomization

Out of the box, NDepend has a lot of rules that is checked against the target project. But not all of this rules are useful for all projects. NDepend has amazing customization capability and every aspect of code analysis is customizable.

We can exclude the rules that we don’t care about or modify them to better suit our needs. We can even create new rules by using Code Query LINQ, a developer friendly query language for NDepend.

NDepend CQLinq

Another feature of NDepend is the ability to write a query to find certain kind of code or create rules that must be followed. For example here’s the rule related to avoiding big types.

We can see how flexible these rules are, for example we can reduce the number that indicates the acceptable line of code from 200 to 150 if we need. I added a simple rule to check the action methods and their attributes. When the action method has HttpPost attribute, we need to add the ValidateAntiForgeryToken attribute too. This protects us from XSRF/CSRF attacks. Here’s my simple rule definition, keep in mind that you can turn any code query to rule simply by warnif prefix as in warnif count > 0.

Here’s the result after applying this rule.

You can see how easy it is to add your own rule, pretty powerful stuff.

NDepend Code Metrics

Another powerful feature is Code Metrics View. Code Metrics allows us to see the info about different aspect of our analysis in a visual format. For example in the image below we see the methods with the most Cyclomatic complexity at a glance.

This kind of visual representation make sifting through the analysis data easier.

Strategy On Its Proper Use

NDepend is a complex analysis tool with lots of features. That alone makes it necessary to have a clear strategy when using it. Some might say I don’t need many of these rules but that missing the point about NDepend. It clearly created to be customized and adapted to different needs. You could use it out of the box too but I personally think this is not the best way to use it.

NDepend Quality Issue Description

Not only NDepend can shows us which section of our code can improve, but also it gives useful information about why certain rule exist.

I personally learned a lot by reading the description of each problem. Because not only it explains why it’s a problem, but also nudging you in right direction by proposing a design pattern for instance.

Summary

In this post, I described what NDepend is, we explored the most imprtant features of NDepend. I also discussed how you can customize it to fit the size and complexity of the project at hand. NDepend might be a little overwhelming at first, but as you continue using it and see its power, you understand that spending more time and learning how to properly use it worth it.

Share...
1
Share
 

Hamid Mosalla

Hi, I'm Hamid Mosalla, I'm a software developer, indie cinema fan and a classical music aficionado. Here I write about my experiences mostly related to web development and .Net.

 

Leave a Reply

Your email address will not be published. Required fields are marked *