ScriptAnalyzer in GitHub and availability on PowerShell Gallery

With the release of Windows Management Framework 5.0 April Preview, we are excited to announce that PowerShell ScriptAnalyzer development has moved to GitHub for greater collaboration & community involvement. 

Also, we have published v1.0 of ScriptAnalyzer to PSGallery. 

Here are the significant changes in this release:

  • “Recursive” switch to analyze a folder path in Invoke-ScriptAnalyzer
  • Three levels of Severity – Error/Warning/Informational
  • Robust engine that emits non-terminating errors (e.g., for a failed AST parse) and continues applying rules when running on multiple scripts
  • Added wildcard support for rules in Invoke-ScriptAnalyzer and Get-ScriptAnalyzerRule. E.g., Invoke-ScriptAnalyzer -IncludeRule PSAvoid* will apply all rules starting with PSAvoid in the built-in rule assemblies.
  • Added -Severity to Get-ScriptAnalyzerRule. Get-ScriptAnalyzerRule -Severity filters rules based on the severity given.
  • Suppression functionality. Users are now able to suppress rules on certain parts of their scripts by specifying “SuppressMessageAttribute”. This feature also comes with the ability for users to display a list of suppressed messages.

  • DSC Rules for resources – Parameter validation, Usage of standard DSC functions, return type validation, support for DSC classes
  • Detecting the usage of positional parameters as opposed to using named parameters
  • Detect DSC configuration/resource files and disable default rule checks on DSC configuration and resource files.
  • UseShouldProcessForStateChangingFunctions – If an advanced function has a verb like New/Start/Stop/Restart/Reset/Set that will change system state, it should support the ShouldProcess attribute.
  • AvoidUsingWMIObjectCmdlet – For PowerShell 3.0 and above, usage of WMIObject is not recommended. This rule detects WMIObject usage in scripts that are written for PS 3.0 and above.

  • Better heuristics to detect usage of Username and Password instead of PSCredential type
  • Better accuracy in the detection of uninitialized variables
  • Better error messages, added error line numbers and file names
  • Identifying usage of PSBound parameters and PowerShell supplied variables such as $MyInvocation
  • Fixed terminating errors including “Illegal characters in Path”
  • Display properties in output are now consistent with the object properties, so accessing properties is straightforward
Raghu Shantha
PowerShell ScriptAnalyzer Team
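
The session below exercises the features listed above: recursive analysis, wildcard rule selection, severity filtering and suppression. It is an added example, not code from the ScriptAnalyzer team. The temp folder, the two sample scripts and the function names are constructed. It assumes the module's parameter names (-Recurse, -IncludeRule, -Severity, -SuppressedOnly) and that the rule named in the post carries the PS prefix.

```powershell
# Added example. Assumes PSScriptAnalyzer is already installed from the
# PowerShell Gallery (Install-Module -Name PSScriptAnalyzer).
Import-Module PSScriptAnalyzer

# Constructed sample tree: one script at the root, one in a sub-folder.
$root = Join-Path ([IO.Path]::GetTempPath()) 'pssa-demo'
$sub  = Join-Path $root 'sub'
New-Item -ItemType Directory -Path $sub -Force | Out-Null

# Constructed script: plain-text Username/Password parameters and Get-WmiObject.
@'
function Connect-Demo {
    param([string]$Username, [string]$Password)
    Get-WmiObject -Class Win32_OperatingSystem
}
'@ | Set-Content -Path (Join-Path $root 'connect.ps1')

# Constructed script: a state-changing verb without ShouldProcess; the finding
# is suppressed for this function only. The rule name is the one listed in the
# post with the PS prefix added (assumption).
@'
function Set-DemoValue {
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
    param([string]$Value)
    $script:DemoValue = $Value
}
'@ | Set-Content -Path (Join-Path $sub 'set.ps1')

# Rule discovery: filter by severity, or by wildcard on the rule name.
Get-ScriptAnalyzerRule -Severity Warning | Select-Object RuleName, Severity
Get-ScriptAnalyzerRule -Name PSAvoid*    | Select-Object RuleName, Severity

# Analyze the whole tree, applying only the PSAvoid* rules.
Invoke-ScriptAnalyzer -Path $root -Recurse -IncludeRule PSAvoid* |
    Select-Object ScriptName, Line, Severity, RuleName

# Full rule set, limited to Error and Warning findings, e.g. as a build gate.
$findings = Invoke-ScriptAnalyzer -Path $root -Recurse -Severity Error, Warning
$findings | Format-Table ScriptName, Line, Severity, RuleName -AutoSize
if ($findings) { Write-Warning "$(@($findings).Count) finding(s) need review" }

# List what was suppressed, so suppressions stay reviewable.
Invoke-ScriptAnalyzer -Path $root -Recurse -SuppressedOnly |
    Select-Object ScriptName, Line, RuleName
```

Listing suppressed findings alongside the active ones keeps a suppression from silently hiding a credential-handling or state-changing issue during code review.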