If you ever wanted to know if your SharePoint code is good enough, then look no further than MSOCAF which stands for Microsoft Online Code Analysis Framework. This tool was primarily build to validate custom SharePoint code that will run in BPOS-D farms (SharePoint online dedicated) however nothing is stopping you from downloading the tool and validate your own WSP to see what Microsoft thinks of it! 😉
Code analysis within MSOCAF focuses on areas like memory management, security vulnerabilities, exception management, object model usage, quality gates for unsupported features and reporting. The framework leverages existing tools like FxCop, CAT.Net, and SPDisposeCheck to analyze custom solutions.
So how does it work? Well, first you need to download the tool from https://caf.sharepoint.microsoftonline.com/Default.aspx, then start it up, you will get this screen (looks nice and shiny eh?):
Next, click on Analyze. It will tell you how the folder structure of your deployment must look like:
Click on Next to move on, there you will be told which rules will be used to check the code:
Now, probably a lot of ‘standard’ rules will not really apply to your code. I mean, personally, I’ve never used any P/Invokes (at least, not that I’m aware off 😉 so the chances are unlikely that the “Move P/Invokes to NativeMethods class” rule in the Design section will be fired. So instead, focus on the rules that are defined in the custom rule set and the Memory Management one.
After reviewing the rules, click on Next to get the screen where you can locate the folder structure that holds your solution
Now, let me share that will be reviewed.. and be aware this is bad code!
Curious what the tool will be say of this? So am I!
And here we are, as a surprise, my code did not succeed in passing the rules. And the cool thing is that you can also where exactly (line number) the code was bad, and also in most cases there is a resolution you can click on.
In this case, it’s giving me the solution to fix this and also a helpful link to a blogpost every SharePoint developer should know better than the date he/she got married..
There you have it.. you might wonder what the audience is for this tool. I believe that it’s good for both developer and IT Pro.. it gives the developers a nice little framework on which they can validate their code own. On the other hand, it gives the IT Pro a better understanding if the customization that has been given to them is really that good as the developers say it is. And if something is wrong with it, they can go back to the developers and demand an explanation why they should put into production.
Let me know what you think about it!