Monitor 3rd party assembly usage with Sonar


I have a client with a fairly large (> 150 solutions) code base. They have a list of approved third party assemblies their developers can use, and they would like to use Sonar to help identify projects that are using assemblies that are not on the approved list.

A simple example:

  • My solution references foo.dll
  • Foo.dll is not on the list of approved 3rd party assemblies
  • My solution's use of foo.dll is reported as a rule violation when I run a Sonar analysis

This seems like a fairly simple requirement, but I am having some difficulty determining how it could best be implemented in Sonar.


2
Mightymuke On

I have no experience with Sonar, and you haven't specified what language your code base is in, but a very simple and basic solution could be to parse the project file (usually XML) and validate the included references.
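A worked version of that suggestion, added here as an example and not part of the answer above: it assumes a .NET code base (the question talks about solutions and .dll assemblies), parses a constructed .csproj, and reports any referenced assembly missing from the approved list.

```python
# Added example (not from the question or either answer): flag project
# references that are not on an approved-assembly allowlist. Assumes a .NET
# code base, where each dependency in a .csproj (MSBuild XML) appears as a
# <Reference Include="..."> or <PackageReference Include="..."> element.
import xml.etree.ElementTree as ET

# Constructed sample project file standing in for a real .csproj.
SAMPLE_CSPROJ = """<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <Reference Include="System.Xml" />
    <Reference Include="Newtonsoft.Json, Version=12.0.0.0, Culture=neutral" />
    <Reference Include="foo" />
    <PackageReference Include="Serilog" Version="2.10.0" />
  </ItemGroup>
</Project>
"""

# The approved list from the question, compared case-insensitively because
# assembly file names (foo.dll vs Foo.dll) may differ only in case.
APPROVED = {"system.xml", "newtonsoft.json", "serilog"}


def referenced_assemblies(csproj_xml):
    """Return the simple names of all Reference/PackageReference items.

    A Reference Include may carry a full assembly name ("Name, Version=...,
    Culture=..."), so only the part before the first comma is kept. The
    MSBuild namespace is stripped so the same code handles old-style and
    SDK-style (namespace-less) project files.
    """
    names = []
    for elem in ET.fromstring(csproj_xml).iter():
        tag = elem.tag.split("}")[-1]  # drop "{namespace}" if present
        if tag in ("Reference", "PackageReference"):
            include = elem.get("Include", "").split(",")[0].strip()
            if include:
                names.append(include)
    return names


def unapproved_references(csproj_xml, approved):
    """Return referenced assemblies whose name is not on the approved list."""
    return [n for n in referenced_assemblies(csproj_xml)
            if n.lower() not in approved]


if __name__ == "__main__":
    for name in unapproved_references(SAMPLE_CSPROJ, APPROVED):
        print(f"VIOLATION: unapproved reference '{name}'")
```

Run across every project file in the 150-plus solutions, the resulting violations are what a custom Sonar rule would report; GAC assemblies without a HintPath are caught too, since only the Include name is checked.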

2
Patrick from NDepend team On

With the tool NDepend, it is immediate (Disclaimer: I am one of the developers of NDepend). You just have to write the code rule:

//<Name>Forbidden third-party assemblies</Name>
warnif count > 0 
from a in ThirdParty.Assemblies.WithNameNotIn(
          "Foo1", "Foo2", "Foo3")
select a

et voila:

NDepend code rule