Lessons learned from building a static code analyzer for C#

Introduction

Static code analyzers are tools used to analyze software code without executing it. They can examine the code to find code smells, vulnerabilities, potential errors, and code out of a defined standard, for example. They work by parsing the source code and evaluating its syntax (structure of the code) and semantic (meaning of the code).

Roslyn, the C# compiler, provides tools for developing Roslyn Analyzers (Static code analyzers for Roslyn), giving access to the syntax and semantic of the …

code csharp defined dotnet errors find introduction lessons learned parsing software software code source code standard structure tools vulnerabilities work