FxCop Workflow

FxCop should be used in an iterative fashion; it is designed to be a fully integrated part of the software development cycle. If you are starting a new software development effort, or are adding FxCop to an existing development effort, you will benefit most by first creating an FxCop project to store settings for the analysis. As you develop code and build it into assemblies for testing, the assemblies should be analyzed by FxCop to ensure that design and code defects are caught and corrected early in the development cycle. Items reported by FxCop should be fixed in the source code or, in the case of false positives, excluded from future reports. After the criteria, specifically the targets to analyze, rules, and excluded messages, for your software development project have been saved in an FxCop project, you can easily integrate code analysis into your software build process by adding a step to your build script to execute the command–line tool.

The following sequence of steps describes the general procedure for using FxCop:

To create a new project

  1. Compile the assemblies.

  2. Start the FxCop application.

  3. Add the targets (assemblies) to be analyzed to the project.

  4. Review the rules automatically loaded by FxCop and clear the selection of any rules that should not be applied to the targets during analysis.

To analyze the assemblies and review messages

  1. Analyze the assemblies.

  2. Review the reported messages and determine the disposition for each:

    • Code defect – fix the source code.

    • Message is reporting an intentional variance from the rule - exclude the message.

    • Rule is generating a false positive - exclude the message.

  3. Exclude items as appropriate.

  4. Correct any code defects detected by FxCop.

  5. Rebuild your assemblies.

Repeat steps 6 through 9 until the project file is configured to detect only the kinds of items that you want to fix, and reports no items for your current build. You are now ready to add the command-line tool, FxCopCmd, to your build process to automatically generate analysis reports each time you build your assemblies.

To add FxCopCmd to the build process

  1. Save the project.

  2. In your build script, call FxCopCmd using the /project option.

  3. Review the analysis report output.

  4. If new messages need to be excluded, or other changes to the project are required, use the FxCop application to update your project and save your changes.

  5. Correct any code defects detected by FxCopCmd.