.NET

NDepend–VSTS/Azure DevOps Integration–Part 01

September 30, 2018 .NET, .NET Core, .NET Framework, Azure DevOps, Best Practices, Code Analysis, Code Quality, Dynamic Analysis, Emerging Technologies, Microsoft, Static Analysis, Tools No comments

In my previous article I wrote an introductory about NDepend and how it will be useful for Agile Team to ensure code quality.

In that article we found how we can use NDepend in a developer machine. Now with this article we will familiarize ourselves in using NDepend in your build automation pipeline in your VSTS/Azure DevOps Build Agent.

There are two types of integration possible for NDepend:

  1. Directly using NDepend Package Extension from VSTS Marketplace
  2. Manual Integration using NDepend Command Line Tool. (This would provide you more control over licensing by setting up the license in your own OnPrem VSTS Build Agent.

For the interest of this article I will cover the use of VSTS Package Extension and using NDepend Build Task in VSTS Build Pipeline.

Installation of NDepend Extension for VSTS/Azure DevOps :

1.) Got to Azure DevOps Market Place:  https://marketplace.visualstudio.com/items?itemName=ndepend.ndependextension

image

2.) Click on Get to Install this extension in to your AzureDevOps account and follow the steps. For the demo purpose I am starting with 30 day free trial, otherwise you can go ahead and buy the full license.

image

image

image

3.) Now when you get back to Azure DevOps project, you can see the NDepend side menu enabled, this is where you would see the report summary of your project.

image

Integration NDepend into Azure DevOps Pipeline :

1.) Select “NDepend Task” and add in to Pipeline

image

image

Note:

  • You can choose to stop the build when at least one quality gate fails.
  • You also need to specify the NDepend project file customized for your project, otherwise NDepend will use their default project file configuration.  Having your own NDepend project file will provide you more control over the policies for the scan.

Queue a new Build and wait for Build to complete. Now you can see the BuildArtifacts includes all NDepend report file.

image

Now you go back to NDepend menu from Left side menu item in Summary Tab. This will provide you detailed view of Technical Debt in your project.

image

image

image

image

image

In the next article I will cover the manual integration steps.

New Microsoft Azure Certifications

September 16, 2018 Azure, Azure SDK, Azure Tools, Certification, Emerging Technologies, MCP, Microsoft, Microsoft Learning, Windows Azure Development No comments

Microsoft has recently announced new certification exam tracks for Azure Administrators, Developers and Architects. Here are the line ups that should help you move your career with right certifications. 

The three new Microsoft Azure Certifications are:

  • Microsoft Certified Azure Developer
  • Microsoft Certified Azure Administrator
  • Microsoft Certified Azure Architect

These certifications would essentially split the previous MCSA/MCSE: Cloud Platform and Infrastructure track and introduce new exams for individual certification track. 

So far I only have limited information available about all the exam numbers for each individual track, as recently Microsoft has made BETA exams available for Microsoft Certified Azure Administrator track. 

These exams are still in BETA, would commence general availability in coming months.  Will keep you posted about newer exams for other tracks as we get to know more. 

References: https://www.microsoft.com/en-us/learning/exam-list.aspx 

70-777 – Azure Cosmos DB Certification Exam (BETA)

August 18, 2018 .NET, Azure, Azure Cosmos DB, Certification, CosmosDB, MCP, Microsoft, Microsoft Specialist No comments

70-777: Implementing Microsoft Azure Cosmos DB Solutions”  is the new Microsoft certification in the town for any Developer or Architect who leverages Azure Cosmos DB. If you understand how Cosmos DB database can be configured and consumed using platform agnostic Cosmos DB API, this certification will help you prove your expertise.

To read more about the exam 70-777 visit: https://www.microsoft.com/en-us/learning/exam-70-777.aspx  ( the link will also provide you guidance on the topics covered by this exam)

As on today, 70-777 BETA exam enrollment started, has around 300 beta seats for this exam, and you must register and take the exam before October,1 2018. Hurry if you are passionate enough to learn and try out this certification exam, please register now before you quote is full.

Steps to Utilize this Offer:

Source: Born to Learn Community

Azure Cosmos DB – Change feed support(PREVIEW)–available

July 26, 2018 .NET, .NET Core, .NET Framework, Azure, Azure Cosmos DB, C#.NET, CosmosDB, Microsoft No comments

Today Microsoft announced the preview of Change feed Support for Azure Cosmos DB, which allows you to build scalable solutions. By default change feed will be enabled in all the accounts.

Change feed provides an output of sorted list of documents that has been changed in the order in which they are modified by client operations. These changes are persisted, can be processed asynchronously and incrementally, they enables developers to write alternative logic to operate upon these change for generation reports, or invoke another operation such as sending email or audit logs etc.

ChangeFeedProcessor

Start using :

Source:

Introduction to NDepend : Static Code Analysis Tool

June 16, 2018 .NET, .NET Core, .NET Framework, ASP.NET, Best Practices, C#.NET, Code Analysis, Code Quality, Dynamic Analysis, Emerging Technologies, Help Articles, Microsoft, Static Analysis, Tech-Trends, Tools, Tools, Visual Studio 2017, VisualStudio, Windows No comments , , , , , ,

As a developer, you always have to take the pain of getting adapted to the best practices and coding guidelines to be followed as per the organizational or industrial standards.  Easy way to ensure your coding style follows certain standard is to manually analyze your code or use a static code analyzer like FxCop, StyleCop etc. Earlier days I have been a fan of FxCop as it was free and it provides me all necessary general guidelines in terms  of improving my solution.

In this modern world of programming everything needs to be automated, as it saves time and money in terms of automating repetitive tasks and improves efficiency. This is where static code analysers coming effective.

What is Static Code Analysis?

Static program analysis is the analysis of computer software that is performed without actually executing programs, on some version of the program source code, and in the other cases, some form of the object code or intermediate compiled code .

Sophistication of static program analysis increases is based on how deep they analyze in terms of behavior of individual statements and declarations, to analyzing the entire source code.

PS: Analysis performed on executing programs is known as dynamic analysis.

In this article I will give you an overview of one such premier static code analysis tool that can be used for your daily development routine plus use it for CI integration for DevOps efficiency.

NDepend:

NDepend is a static analysis tool for .NET, specifically for managed code:  NDepdend supports a large number of code metrics, allowing to visualize dependencies using directed graphs and dependency matrix. It also performs code base snapshots comparisons, and validation of architectural and quality rules.

The important capabilities of NDepend are:

  • Dependency Visualization through dependency matrix and graphs.
  • Analyse and generate software quality metrics – as per the documentation it supports 82 quality metrices.
  • Declarative rule support through LINQ queries, and it is called CQLinq and comes with a large number of predefined CQLinq rules.
  • Integration support for Cruise Control.Net, SonarCube, am City. Code rules can be configured to be checked automatically in Visual Studio or during continuous integration(CI).

License: NDepend is a commercial tool with licensing options as below:

  1. Developer seats – $477 approx. / per seat.
  2. Build Machine seats  – $955 approx. / per seat.

** You could get volume discount if you bulk procure your licenses.

Installation: 

Once you obtained license you will able to download NDepend_2018.1.1.9041.zip, is latest version available while I write this article. Extract the zip file into your local folder, you could see the different packages/executables within the package.

image

1.) NDepend.Console    – Command line program to execute NDepend analysis.  You would be mostly using this component on CI Build server Help

2.) NDepend.PowerTools –  Helps write your own static analyzer based on NDepend.API, or tweak existing open-source Power Tools. Help

image

3.) NDepend.VisualStudioExtension.Installer – To install NDepend extension as part of Visual studio

image

4.) VisualNDepend – Independent visual environment for managing your NDepend tasks.

image

Visual Tool gives you different options to choose from:

  • You can analyse a Visual Studio Solution or project.
  • Analyse .NET assemblies in a folder.

image

image

image

For the demo purpose our analysis target would be one of the starter project from github –  ContosoUniversity by @alimon808.

image

image

Demo: Summary Report

image

Demo: Application Metrics

image

Demo: Dependency Dashboard:

image

Demo: Interactive Graph

image

Demo: Code Matrix View

image

Demo: Quality Gates Summary

image

Demo: Rules Summary

image

Conclusion:

NDepend is one of the best enterprise grade commercial static analyser seen so far.  There are Visual Studio Code Analysis, FxCop and Stylecop Analyzer tools available but they do not provide extensive level of analysis reports NDepend provides. Being a commercial tool it gives value for money for customers by what they need.  In terms of a day to day developer  or devops lifecycle, you can integrate NDepend in your build process, which could be simple as executing the NDepend Console and reviewing the output. With NDepend’s API it is easy to develop your own custom analysis tools based on CQLinq and NDepend.PowerTools(which is open source). You could find all the detailed help in NDepend documentation.

References:

Node.js 9.x.x and npm 6.x.x – “npm audit” to identify and fix security vulnerabilities in dependencies

June 3, 2018 JavaScript, Javascript Development, Modern Web Development, Node.js, NPM, OpenSource, Package Manager, Tech Newz, TypeScript, Web No comments

nodejs-npm

It has been a while I have been reading about the major changes that areintroduced in Node.js 9.x.x / NPM 6.x.x and myself faced by Node.js application going to a toss after I upgraded to Node.js 9.x.x, as I always keep Node.js up to date in my development environment.

I use NVM(Node Virtual Manager) to switch between different version of Node.js and I love the flexiblity NVM provides. So I was able to quickly switch back to 8.x.x version, when I figured out this change.

But npm packgage downgrade did not work using “npm install –g npm@5.x.x” due to old traces of 6.x.x   I had to clean up my npm cache and do npm install again.

Introduction – The “npm audit” command:

Recently with 6.0.0 NPM team has introduced many improvements such as :

a.) Provide protection against insecure code into the workflow during your npm install . When a user downloads code from the npm Registry, npm will review the request against the Node Security Platform database and return a warning if the code contains a vulnerability.

b.) Package signing for publishers.   npm-signature field will allow users of npm packages to verify the integrity of the package regardless of the tools they use to retrieve it or the registry from which they download it.

c.) Security auditing capability (which I am covering in this article).

The audit capability, which provides an ability to perform a security audit  on your project and dependency components.  To simplify it provides a moment-in-time security review of your project’s dependency tree.

  • It will scan your project for any vulnerabilities. 
  • You can choose the option to automatically install the compatible updates vulnerable dependencies.
  • Audit reports contain information about security vulnerabilities in your dependencies.
  • This report also contains necessary steps to be taken to fixe these vulnerability. For example, by running an npm install <package>@new-version.
  • It would work very well with your private/enterprise registries such as artifactory etc. 
  • It  will allow the developer to recursively analyze trees of dependent code to identify specifically what’s insecure.

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of known vulnerabilities.

Quick Insight on the new commands:

  • npm audit      – Scan your project for vulnerabilities and just show the details, without fixing anything.
  • npm audit [—json]      – To provide report in Json format.
  • npm audit fix   – to scan and fix all vulnerabilities
  • npm audit fix –only=prod     – to skip updating devDependecies
  • npm audit fix –force  – will install semver-major updates to all top level dependencies.
  • npm audit fix –dry-run –json   – to do a dry run on the fixes and provide you a report.

NB: Npm audit fix runs a full  npm install under the hood, all configs that apply to the “npm audit fix”  will also apply to npm install.

References: