SharePoint Code Analysis Framework (SPCAF)

Intention for SharePoint Code Analysis

SharePoint has grown over years and is today widely used in companies and businesses as intranet or internet portal and as collaboration plattform. One major reason for the success of SharePoint is the extensibility. The powerful API provides "boundless" possibilities to customize and extend SharePoint with custom code.

Sometimes this extensibility is good and sometimes it is bad. Inappropriate customization can lead to a SharePoint environment, which cannot be managed anymore. Performance problems, crashed environments and unsatisfied users are the results. And often the migration to newer versions of SharePoint is impossible because of these customizations which leads to huge efforts to migrate at least the stored data in SharePoint.

But prohibit the customization of SharePoint is not an option for many companies because this would constrain the potenzial of SharePoint. So we need to find a way to customize SharePoint but prevent that the code impacts SharePoint in negative ways.

One way is to establish rules, conventions and policies which define how SharePoint customization must happen and also which type of customization is not allowed. These rules and policies must be defined (e.g. in customization policies) and must be accepted by all involved people, like developers, architects and also by the business side because these policies may limit the adaptability of SharePoint.

When these policies and rules are defined they must be controlled and measured, ideally with tools for code analysis, like FxCop, StyleCop, FxCop Metrics, SPDisposeCheck, CAT.NET etc. However, all these tools have one crucial limititation: they cannot analyze SharePoint XML code. The tools can only analyze assemblies and C# source code, but they cannot find errors or issues in the XML of Features, Content Types, Solution packages, Site Definitions etc. The tools can also not analyze the solution packages and can not detect if a SharePoint system file is overridden during depoyment.

Thats why SharePoint Code Analysis Framework (SPCAF) has been developed: SPCAF "reads" SharePoint solution packages (.WSP) and "converts" the SharePoint XML into an analyzable structure. This new structure of the code is used by 4 major tools to analyze der SharePoint code:

• SPCop checks the code for violations against more than 300 rules.
• SPMetrics calculates SharePoint code metrics and helps for instance to measure the complexity of the code.
• SPDepend analyzes dependencies between the SharePoint artefacts (like Features, ContentTypes etc.) and detects dependencies to external components.
• SPInventory creates a detailed inventory of all elements in SharePoint packages.

These tools can be used by architects, developers, quality managers or IT operators to ensure that SharePoint code is conform to their customization policies and conventions.

Team behind

SPCAF has been developed internally since 2008 and covers the knowledge and findings of many SharePoint development projects. SPCAF has grown continually and as is became such a powerfull and helpful framework we decided to make it an independent product to provide adequate support and future development.
The company RENCORE AB has been founded in 2013 by SharePoint architects to sell the SharePoint Code Analysis Framework (SPCAF) as their current main product.

Highlights in this documentation

The following chapters in this documentation are most important to understand, how the SharePoint code analysis works and how to get the most out of the results.