The SharePoint Code Analysis Framework (SPCAF) provides tools to analyze SharePoint code. This includes
- SharePoint solutions (.wsp) for SharePoint 2007 / 2010 / 2013
- SharePoint 2013 apps
SPCAF cannot only analyze assemblies like other tools as FxCop or SPDisposeCheck. It can also analyze all the XML code in SharePoint packages like Features, ContentTypes, ListTemplates and all the other files like controls (.ascx), pages (.aspx) and master pages (.master) etc.
SPCAF can be used directly in Visual Studio 2012 or 2010 to analyze SharePoint projects. It also provides a client application to analyze existing WSP packages, can be integrated into a Team Build via a custom build activity, it can be run on command line or as MSBuild task during each local build.
Use SPCAF directly in Visual Studio
Get Errors and Warnings and open the files directly in VS
Visualize Dependencies
Use the client application to analyze existing WSPs or APPs
Highlights
- Contains ~300 rules to validate SharePoint code for correctness, solution design, best practices etc..
- Creates dependency diagrams in DGML to visualize dependencies within SharePoint code
- Can be seamlessly integrated into your development process
- Provides a client application to analyze WSP and APP files.
- Can also be run during a Team Build (supports TFS 2010 and TFS 2012)
- Can be extended with custom rules or custom metrics
Sample analysis results
- Rules reports shows errors and warnings Open sample report
- Dependency diagram visualizes package dependencies Open sample report
- Inventory reports lists all contents of the packages Open sample report
- Metric reports shows complexity and amount of elements in the code Open sample report
Who should use it?
- SharePoint Architects can ensure proper application design and detect violations against best practices
- SharePoint Developers can ensure that their code is correct and that errors in XML code can be found early directly in Visual Studio and not only after deployment to SharePoint.
- SharePoint Quality Assurance can ensure that WSP packages are developed according to the best practices and the e.g. Customization Policies are not violated.
- IT Pros can ensure that the WSP files does not contain “dangerous” code and that they can install the packages without fear. The inventory reports gives a detailed overview about the contents in the packages and is a good documentation of the code.
