Static code analysis with NDepend in Azure Pipelines

Static code analysis with NDepend in Azure Pipelines

  1. Creating a multi-stage YAML pipeline in Azure DevOps for .NET projects

  2. Running tests with code coverage in Azure DevOps YAML pipelines

  3. Static code analysis with NDepend in Azure Pipelines

  4. Running e2e tests with Playwright in Azure YAML Pipelines

  5. Publishing Playwright report as an artifact in Azure DevOps

  6. Bicep Infrastructure Deployment from Azure DevOps YAML Pipelines

  7. Blue-green Deployments in Azure DevOps YAML Pipelines

  8. Pre-Deployment Health Checks in Azure DevOps YAML Pipelines

  9. Azure DevOps Best Practices: Breaking Down the Monolithic YAML

In the last two articles we've created a multi-stage YAML pipeline in Azure DevOps and we added a stage for running unit tests. Now I'm going to show you how to do static code analysis using NDepend. I'm going to split this article in two parts, in this one I'm just going to show you how to setup your pipeline and in the next one I'll talk more about NDepend and what it can offer. Let's get started!

1. Wait a minute... why static code analysis?

Before I show you how to install NDepend, let's first talk about why you should use it. In the world of software development it's hard to put a number on productivity, and I like to put numbers on everything. I use Rescue Time to measure my daily productivity (not just programming), I use Ourato put a number on my sleep quality,I added a smart sensor to my chair to measure how long I'm sitting up or down during the day, etc. I think you get the point, and I don't think I'm being crazy here, but you need to put a number on something that you want to improve, otherwise it's really hard to track progress and see if things are moving in the right direction or not. In this case, I want to put a number on code quality, and static code analysis tools allow you to do this.

Of course, there are also some wrong things to put numbers on. For example, you could measure lines of code, number of git commits or pull requests, but this doesn't tell you anything relevant. If anything, it will just increase frustration and it's a good way to have your team resign... maybe I'll talk about this on a future blog post. For now, let's continue with NDepend.

2. Use Windows agents

The first thing you have to do is two make sure you're using Windows agents for running your pipeline. Right now supporting GitHub and Azure DevOps Linux agents is a work in progress so you can only use Windows. To make this change go to your YAML file and make this change from 'ubuntu-latest':

  vmImage: 'windows-latest'

3. Install the NDepend extension into Azure DevOps

To add NDepend into a YAML pipeline you need to install the NDepend extension from the Marketplace:

4. Add the NDepend task

Go to your YAML file and add this code after the build or the test task:

      - task: NDependTask@1
          BinariesOutput: '$(build.artifactStagingDirectory)'
          SYSTEM_ACCESSTOKEN: $(System.AccessToken)

Make sure you add this after the build task or after the test task, it won't work if you add it into a separate stage because it won't have access to your build output.

Here's how my final YAML file looks like:

Now when I run the pipeline NDepend will collect information about the codebase which you can view in Azure DevOps. In the next article I want to show you the dashboard and go through the most important parts like seeing the quality gates, technical debt, coverage, etc.

Did you find this article valuable?

Support Bogdan Bujdea by becoming a sponsor. Any amount is appreciated!