Review: SSW Code Auditor
I had found out about SSW's Code Auditor product through one of those ubiquitous Top 10 .NET Developer Tool lists recently, and as I'm at the start of a new project, felt that I should run it through an auditor to nip common code errors in the bud as early as possible. This tool retails for about $305 US, and can embed itself right into Visual Studio. Here are my thoughts on it.
The Good:
1) Customized rules are possible to match your own in-house conventions.
2) The individual rules are mostly great.
3) Works with Team Foundation
4) Works against uncompiled code -- this is very cool.
5) Integrated with JetBrains dotTrace Profiler
What I'd Suggest (Improvements):
1) Trial version does not scan all files -- non-complete trial.
2) Initial run against my web site (just starting out) caused the application to throw an exception. Actually, all subsequent attempts to use the add-in were also unsuccessful.
3) Spell check for programmers! But there should be a quick button to just run the spell checking rule against the open document via the auditor toolbar.
4) Rule about starting boolean properties with a verb does not take into account existing verbs used in the .NET framework like "Enable" in the case of "EnablePasswordRetrieval" as in System.Web.Security.MembershipProvider. It also caught "Requires" as not being a verb, as in "RequiresUniqueEmail", which is technically correct; however, this is not something the end user will be able to have control over.
5) Cascading rules should be removed as they are checked off -- i.e., when fixing an "Empty Catch Block", this could also fix "No empty code blocks".
6) On the HTML output report, switching back and forth between views remembers your checkboxes, which is great. However, if I check off that I fixed 3 different rules associated with the same file in the "By rule" view, and change to the "By file" view, it doesn't know that I fixed all rules associated with that file.
7) The "The Rules" view is fantastic. They show you each of the rules they check for, the regular expression used to check against, and how many hits for that regex.
8) I'm not convinced all rules can be created via regex.
The Verdict:
I'd use it. I spend so much time in Visual Studio, and am not alone on the team. Being able to have check-in policies that force a certain level of code quality is worth using this product in and of itself, even without SSW's ability to add customized rules.