Back to all posts

Monitoring and Improving Code Quality with NDepend

Posted on Mar 22, 2019

Posted in category:
Productivity Tools

Regularly I'll be asked which tools/utilities I like to help improve my code quality, or to solve specific issues. Recently I've been working to improve the code quality, unit test coverage, and other aspects of many projects, some mine, and some Open Source. Maintenance of code is always a sticky situation, its important to the long term support, however, when working with clients if they cannot see it, it is hard for them to justify the costs. To help get around this limitation I've been using a product called NDepend for a number of years, but only internally. This has all changed, and I thought what a great time to share my experience.

My Goals

Before digging into the details, I think it is important to understand the items that would define success for me. With all of my projects, I am looking to monitor some key metrics.

  • Unit Test Coverage
  • Adherence to best practices (naming, format, complexity)
  • Trend monitoring (ie are we improving)
  • A method to show the scope/scale of progress

Additionally, I wanted to be able to monitor this information WITHOUT adding burden to myself, I didn't want to have to take any manual action.

NDepend Azure DevOps Extension Enters the Game

I've been aware of NDepend for years, and have used it, however, its usage was sporadic. Recently their team released a new edition of their product that installs as an Azure DevOps extension. This provides an amazing ability , and the results are stored in Azure DevOps. This is perfect! So what can we do with it?

Lines of Code

Lines of Code DisplayOne of the first summary blocks on display with the NDepend Azure DevOps extension is a report on Lines of Code. I find this very helpful to see growth over time. You can see from this screenshot that it can differentiate between custom code and generated code, which is greatly helpful to manage project size.

Quality Gates

Quality Gate ReportYou are able to create your own quality gates for your project and it will report on the pass/warn/fail rates for each of these gates.

This is one area that most organizations will need to configure to match the expectations, especially if the project being monitored is an existing one. The default gates place a large emphasis on meeting the various issue types and having good code coverage. So it is easy to possibly overlook the values when first starting.

Code Coverage Reporting

Code Coverage ReportThis display is a great graphical representation of the overall code coverage. The information that they display is incredibly helpful, but for those alarmed with a "high score" value should be cautioned that the report of this widget has three categories, including a "not coverable" section. This is often NOT disclosed/counted when looking at coverage, so a lower percentage that you are used to isn't always an alarming situation.

Issue/Rule Validation

Issue Summary This for me is where the real power comes into play with NDepend. Their product allows you to query your code and validate adherence to rules, out of the box they provide a plethora of rules; however, you can tweak/add/reclassify these rules all you want. There are rules for naming, method structure, class structure, performance and everything in between. Do you hate it when anyone on your team uses a parameter name of "input," you can create a rule and have it reflected here!

Drilling into issues is also easy, with specific code references to where the issue was identified, such as the below.

issue details

In Summary

I've found NDepend to be a great tool to help me monitor my code quality. The new ability to include NDepend analysis as part of my builds has moved it from the "cool tool I use when I remember" to an integral part of my development process. There is a bit of a setup/learning curve to add/remove the rules that match your desires, however, it is time well spent.

Have experience with NDepend, I'd love to know your experience. Know of other good code analysis tools?