Expand Minimize

SharePoint Code Analysis Framework (SPCAF)

Intention behind the SharePoint Code Analysis Tools

SharePoint has grown over years and is today widely used in companies and businesses as intranet or internet portal and as collaboration plattform. One major reason for the success of SharePoint is the extensibility. The powerful API provides unlimited possibilities to customize and extend SharePoint with custom code.

Sometimes this extensibility is good and sometimes it is bad. Inappropriate customization can lead to a SharePoint environment, which cannot be managed anymore. Performance problems, crashed environments and unsatisfied users are the results. And often the migration to newer versions of SharePoint is impossible because of these customizations which leads to huge efforts to migrate at least the stored data in SharePoint.

But to prohibit the customization of SharePoint is not an option for many companies because this would constrain the potential of SharePoint. So we need to find a way to customize SharePoint but prevent that the code impacts SharePoint in negative ways.

One way is to establish rules, conventions and policies which define how SharePoint customization must happen and also which type of customization is not allowed. These rules and policies must be defined (e.g. in customization policies) and must be accepted by all involved people, like developers, architects and also by the business side because these policies may limit the adaptability of SharePoint.

When these policies and rules are defined they must be controlled and measured, ideally with tools for code analysis, like FxCop, StyleCop, FxCop Metrics, SPDisposeCheck, CAT.NET etc.
However, all these tools have one crucial limititation: they cannot analyze SharePoint XML code. The tools can only analyze assemblies and C# source code, but they cannot find errors or issues in the XML of Features, Content Types, Solution packages, Site Definitions etc. The tools can also not analyze the solution packages and can not detect if a SharePoint system file is overridden during depoyment.

For this reason the SharePoint Code Analysis Framework (SPCAF) has been developed: SPCAF "reads" SharePoint solution (.wsp) and app (.app) packages and "converts" the SharePoint XML, assembly, HTML, JavaScript or CSS code into an analyzable structure. This new structure of the code is then processes by five modules to analyze der SharePoint code:

  • SPCop checks the code for violations against over 720 quality rules, including SSOM, CSOM, XML, JavaScript, CSS and much more.
  • SPMetrics calculates 80 SharePoint-specific code metrics to measure the complexity of the code and track changes.
  • SPDepend reports 65 dependency types between the SharePoint artifacts (like Features, ContentTypes etc.) external components.
  • SPInventory creates a detailed inventory of 48 components in the SharePoint packages.
  • Migration Assessment provides guidance how to migrate your SharePoint farm solution to the App model based on the information gathered by the all modules.

Even better, with the free Software Development Kit (SDK), all modules can be extended with custom rules for example to check company specific coding practices.

These tools can be used by architects, developers, quality managers or IT operators to ensure that SharePoint code is conform to their customization policies and conventions.

Highlights in this documentation

The following chapters in this documentation are most important to understand, how the SharePoint code analysis works and how to get the most out of the results.

Overview Describes how SPCAF works internally and describes the system requirements, how to's, the software development kit (SDK) and the available rulesets. etc.
Code Quality Several analyzers checking the quality of the SharePoint code
Metrics Several analyzers calculating code metrics the SharePoint code
Dependencies Several analyzers calculating dependencies between SharePoint code artifacts
Inventory Several analyzers to create an inventory of SharePoint code
Migration Assessment Checks full trust code solutions for potential blockers for a migration to App model.
Third Party Analyzers Integration of 3rd party analyzers into analysis process.
How to's Describes typical tasks when using SharePoint code analysis, like integration into local builds, integration into Team Builds etc.
SDK Describes how to extend SharePoint code analysis e.g. with custom rules by using the SPCAF SDK.

RENCORE - the company behind SPCAF

SPCAF has been developed by expereienced SharePoint architects and developers since 2008 and covers the knowledge and findings of many SharePoint development projects. SPCAF has grown continually and as it became such a powerfull and helpful framework we decided to make it an independent product to provide adequate support and future development.
The company Rencore has been founded in 2013 to sell the SharePoint Code Analysis Framework (SPCAF) as their current main product.

Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.