
I have a client with a fairly large (> 150 solutions) code base. They have a list of approved third party assemblies their developers can use, and they would like to use Sonar to help identify projects that are using assemblies that are not on the approved list.

A simple example:

  • My solution references foo.dll
  • Foo.dll is not on the list of approved 3rd party assemblies
  • My solution's use of foo.dll is reported as a rule violation when I run a Sonar analysis

This seems like a fairly simple requirement, but I am having some difficulty determining how it could best be implemented in Sonar.

kiprainey

2 Answers

With the tool NDepend it is immediate (Disclaimer: I am one of the developers of NDepend). You just have to write the code rule:

//<Name>Forbidden third-party assemblies</Name>
warnif count > 0 
from a in ThirdParty.Assemblies.WithNameNotIn(
          "Foo1", "Foo2", "Foo3")
select a

et voila:

[screenshot: NDepend code rule]

Patrick from NDepend team

I have no experience with sonar, and you haven't specified what language your code base is, but a very simple and basic solution could be to parse the project file (usually XML) and validate the included references.

Mightymuke
  • Thanks for your comment. The code base is in C#, so the likely tools would be Sonar's own XPath-based tool, FxCop, and Gendarme. – kiprainey Nov 16 '12 at 04:07
  • FxCop and Gendarme essentially do the same thing, but have slightly different rules. I don't believe either has a rule that will support what you need, but they both provide the functionality to run your own custom rules. However, if Sonar supports some kind of XPath-based analysis, then that is the direction I'd personally take to try to keep the process as simple as possible. – Mightymuke Nov 16 '12 at 04:16
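The project-file check described in this answer, as an added example that is not part of either answer or of Sonar: it parses an old-style MSBuild `.csproj`, collects the simple names of every `<Reference>` item, and reports those missing from an approved list. The sample project, the approved list and the assembly names in it are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample .csproj (old-style MSBuild project, not from the question).
SAMPLE_CSPROJ = r"""<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <Reference Include="System" />
    <Reference Include="Newtonsoft.Json, Version=4.5.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed">
      <HintPath>..\packages\Newtonsoft.Json.4.5.11\lib\net40\Newtonsoft.Json.dll</HintPath>
    </Reference>
    <Reference Include="foo">
      <HintPath>..\lib\foo.dll</HintPath>
    </Reference>
  </ItemGroup>
</Project>
"""

# Constructed approved list: framework assemblies plus the vetted third-party ones.
APPROVED = ["mscorlib", "System", "System.Core", "System.Xml", "Newtonsoft.Json"]


def _local_name(tag):
    """Drop the XML namespace so old-style (namespaced) and SDK-style projects both work."""
    return tag.rsplit("}", 1)[-1]


def referenced_assemblies(csproj_xml):
    """Simple names of all <Reference> items, in document order."""
    root = ET.fromstring(csproj_xml)
    names = []
    for el in root.iter():
        if _local_name(el.tag) != "Reference":
            continue
        include = el.get("Include", "")
        # A full assembly name carries Version=, Culture=, PublicKeyToken= qualifiers;
        # only the part before the first comma is the assembly's simple name.
        names.append(include.split(",", 1)[0].strip())
    return names


def unapproved_references(csproj_xml, approved):
    """Sorted, de-duplicated names referenced by the project but not on the approved list.

    Assembly names are compared case-insensitively, matching how the CLR resolves them.
    """
    approved_lc = {name.lower() for name in approved}
    return sorted({n for n in referenced_assemblies(csproj_xml) if n.lower() not in approved_lc})


if __name__ == "__main__":
    for violation in unapproved_references(SAMPLE_CSPROJ, APPROVED):
        print("unapproved reference:", violation)
```

Running the script over real project files only needs the XML read from disk in place of `SAMPLE_CSPROJ`; the HintPath is left in the sample to show the extra information a stricter check (for example, that the DLL lives under the expected packages folder) could use.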