Want to have SharePoint code approved by Microsoft?

If you ever wanted to know if your SharePoint code is good enough, then look no further than MSOCAF which stands for Microsoft Online Code Analysis Framework. This tool was primarily build to validate custom SharePoint code that will run in BPOS-D farms (SharePoint online dedicated) however nothing is stopping you from downloading the tool and validate your own WSP to see what Microsoft thinks of it! ;)

Code analysis within MSOCAF focuses on areas like memory management, security vulnerabilities, exception management, object model usage, quality gates for unsupported features and reporting. The framework leverages existing tools like FxCop, CAT.Net, and SPDisposeCheck to analyze custom solutions.

So how does it work? Well, first you need to download the tool from https://caf.sharepoint.microsoftonline.com/Default.aspx, then start it up, you will get this screen (looks nice and shiny eh?):

image

Next, click on Analyze. It will tell you how the folder structure of your deployment must look like:

image

Click on Next to move on, there you will be told which rules will be used to check the code:

image

Now, probably a lot of ‘standard’ rules will not really apply to your code. I mean, personally, I’ve never used any P/Invokes (at least, not that I’m aware off ;) so the chances are unlikely that the “Move P/Invokes to NativeMethods class” rule in the Design section will be fired. So instead, focus on the rules that are defined in the custom rule set and the Memory Management one.

After reviewing the rules, click on Next to get the screen where you can locate the folder structure that holds your solution

image

Now, let me share that will be reviewed.. and be aware this is bad code!

image

Curious what the tool will be say of this? So am I!

image

And here we are, as a surprise, my code did not succeed in passing the rules. And the cool thing is that you can also where exactly (line number) the code was bad, and also in most cases there is a resolution you can click on.
In this case, it’s giving me the solution to fix this and also a helpful link to a blogpost every SharePoint developer should know better than the date he/she got married..

image

There you have it.. you might wonder what the audience is for this tool. I believe that it’s good for both developer and IT Pro.. it gives the developers a nice little framework on which they can validate their code own. On the other hand, it gives the IT Pro a better understanding if the customization that has been given to them is really that good as the developers say it is. And if something is wrong with it, they can go back to the developers and demand an explanation why they should put into production.

 

Let me know what you think about it!

Comments

  • Anonymous
    May 13, 2011
    I believe the link to MSOCAF has to be HTTPS to work. The HTTP link doesn't seem to resolve.

  • Anonymous
    May 15, 2011
    Thanks Philip, I've updated the link :)

  • Anonymous
    October 15, 2011
    Many thanks for this explanation post

  • Anonymous
    April 18, 2012
    Maybe a stupid question but what is a deployment manifest and how can it be made? I cannot find any explanation about it anywhere when googling.

  • Anonymous
    March 14, 2013
    Robin -- MSOCAF is great!!! Especially for customers. Do you know how long Microsoft will support MSOCAF and whether it is supported to use for on-premise environments? Is it valid to add a rule to our development guidelines which tells the developer to use MSOCAF as code analysis framework? Thanks HOlietenk

  • Anonymous
    April 10, 2014
    You might also want to check out the commercial competitor SPCAF which does many more things. The have a comparison chart between MSOCAF and SPCAF here www.spcaf.com/.../msocaf-vs-spcaf