The Roslyn analyzers I use in my projects

  • Gérald Barré

Roslyn analyzers provide a live static analysis of your code. They can detect wrong usages of APIs, security issues, performance issues, etc. Analyzers often provide many rules. If some of them do not apply to your project, you can use a .editorconfig file to disable them. Also, some rules are configurable to better match your needs. Be sure to check the documentation before disabling a rule to validate you understand what the rule reports and why it recommends to fix the code.

Adding an analyzer to your project may introduce hundreds or thousands of warnings. If it is the case, I suggest you disable all rules. Then, you can re-enable them one by one and fix the code. This way you'll keep the error window usable.

That's being said, let's see the analyzers I use in almost all projects!

#Microsoft.CodeAnalysis.NetAnalyzers

This analyzer is in fact a collection of analyzers made by Microsoft. It contains hundred rules about cryptography, design, globalization, interoperability, maintainability, naming, performance, portability, usages, etc. For example, it ensures that you implement IDisposable correctly, that you validate arguments in public methods, or that you use an overload with a CultureInfo parameter when possible.

There are 2 ways to use this analyzer, but you should only use one of them. The first method is by using the .NET 5 SDK:

  <PropertyGroup>
    <EnableNETAnalyzers>true</EnableNETAnalyzers>
    <AnalysisMode>AllEnabledByDefault</AnalysisMode>
    <AnalysisLevel>latest</AnalysisLevel>
  </PropertyGroup>

The second method is by referencing the NuGet package:

  <ItemGroup>
    <PackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="5.0.3">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>

The main difference between the 2 ways is how you get updates. Using the .NET SDK, the version of the analyzer is set by the version of the SDK. You'll get updates when you update the .NET SDK. Using the NuGet package, you can get updates without changing the SDK, but you'll have to keep the package up-to-date manually.

#Meziantou.Analyzer

Yep, this is my analyzer 😃 It contains more than 100 rules about performance, usage, security, coding style, etc. For instance, it reports missing CultureInfo or StringComparison, wrong async usages, wrong argument name in ArgumentException, non-optimal usage of LINQ methods or StringBuilder, missing timeouts in Regex, etc.

I've already written about some the Meziantou.Analyzer's rules:

  <ItemGroup>
    <PackageReference Include="Meziantou.Analyzer" Version="1.0.662">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>

#Microsoft.CodeAnalysis.BannedApiAnalyzers

The Banned API analyzer allows to set a list of symbols (types, methods, properties, etc.) that are forbidden in a project. When a developer uses one of the banned symbol, the analyzer reports a warning.

  <PackageReference Include="Microsoft.CodeAnalysis.BannedApiAnalyzers" Version="3.0.0">
    <PrivateAssets>all</PrivateAssets>
    <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
  </PackageReference>

  <ItemGroup>
    <AdditionalFiles Include="BannedSymbols.txt" />
  </ItemGroup>
P:System.DateTime.Now;Use System.DateTime.UtcNow instead
M:System.IO.File.GetCreationTime(System.String);Use GetCreationTimeUtc instead

#Microsoft.CodeAnalysis.PublicApiAnalyzers

Public Api Analyzers contains rules to help library authors monitoring change to their public APIs. This is useful to avoid breaking changes or to document them. This package is used by multiple .NET products such as ASP.NET Core or WinForms.

  <ItemGroup>
    <PackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="3.3.2">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
    </PackageReference>
  </ItemGroup>

#Microsoft.VisualStudio.Threading.Analyzers

This analyzer detects common mistakes or potential issues regarding threading and asynchronous coding. While there is Visual Studio in the name, the analyzer applies to any .NET project. For instance, the analyzer will check you are not returning null task, or that you don't forget a await in using statements.

  <ItemGroup>
    <PackageReference Include="Microsoft.VisualStudio.Threading.Analyzers" Version="16.9.60">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
    </PackageReference>
  </ItemGroup>

#AsyncFixer

AsyncFixer helps developers in finding and correcting common async/await misuses (i.e., anti-patterns). It currently detects 5 common kinds of async/await misuses and fixes 3 of them via program transformations. Some of its rules are already implemented by Meziantou.Analayzer and Microsoft.VisualStudio.Threading.Analyzers, but it has some unique rules such as AsyncFixer01.

  <ItemGroup>
    <PackageReference Include="AsyncFixer" Version="1.3.0">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
    </PackageReference>
  </ItemGroup>

#StyleCop.Analyzers

StyleCop.Analyzers provides warnings that indicate style and consistency rule violations in C# code. The warnings are organized into rule areas such as documentation, layout, naming, ordering, readability, spacing, and so forth. Each warning signifies a violation of a style or consistency rule.

StyleCop can be used in addition to the .editorconfig file. You may not need this analyzer if everything you want is already supported by dotnet format. Read more about enforcing the code style using dotnet format and an .editorconfig file.

  <ItemGroup>
    <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.333">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>

Do you have a question or a suggestion about this post? Contact me!

Follow me:
Enjoy this blog?Buy Me A Coffee