I'm looking at static code analysis for our C# and VB.NET .NET Framework solutions and trying to decide whether to upgrade to Roslyn code analysers, and, if so, which ones to use? We are on VS2019.
And I've read all the Microsoft help pages, which are very unclear about when they are talking about old style code analysis and new style Roslyn based code analysis.
I'm also not clear whether the project to create the new analysers is complete, and if not complete, how far through it is?
I understand (I think) that analysers are included in NuGet packages for .NET Core components. But most of our projects are not on .NET Core.
I'm not clear if analysers are included on .NET Framework NuGet packages? And if they support VB.NET as well as C#?
Also, I assume we should download Microsoft.CodeAnalysis.FxCopAnalyzers for all projects?
We are intending to use StyleCop.Analyzers and Roslynator.Analyzers for the C# projects, but they don't support VB.NET unfortunately.
Also, we wanted to do some Security code analysis. We came across Security Code Scan. Is this well known and safe to use? https://www.nuget.org/packages/SecurityCodeScan/
So, should we switch from the old analysers to the Roslyn analysers for VB.NET .NET Framework projects, given the lack of support from some components for VB.NET? Same question for C# .NET Framework projects?
I assume we should turn off old code analysis if using the new ones and we shouldn't mix the two? Or can/should both be used together?
Many thanks,
James
