Open Source Scanning in Visual Studio Team Services with WhiteSource Bolt

Most organizations today consume open source software in their development projects. The reuse of components enables great productivity gains. However, this practice has an unintended consequence: you can reuse security vulnerabilities or violate licenses without realizing the risk. I wrote about this in an article in MSDN Magazine on Rugged DevOps. For users of VSTS, there… Read more

SonarSource have announced their own SonarQube Team Services / TFS integration

Microsoft have been partnering with SonarSource for almost two years to bring SonarQube to .NET developers and to make it easy to analyze MSBuild and Java projects from Visual Studio Team Services, TFS and Visual Studio. The partnership, and Team Services extensibility, have now matured to the point that we have jointly decided that it… Read more

Live Dependency Validation in Visual Studio 2017

Last month we announced that Visual Studio “Dev15” Preview 5 now supported Live Dependency Validation. In this blog post, I’ll give you an update about: an on-demand //connect 2016 video we’ve recorded about Live Dependency Validation improvements in the experience in Visual Studio 2017 RC known issues: what did not make it for RC, but… Read more

UML Designers have been removed; Layer Designer now supports live architectural analysis

We are removing the UML designers from Visual Studio “15” Enterprise. Removing a feature is always a hard decision, but we want to ensure that our resources are invested in features that deliver the most customer value.  Our reasons are twofold: On examining telemetry data, we found that the designers were being used by very… Read more

Maven and Gradle build tasks support powerful code analysis tools

Over the last few months we have been steadily building up the capabilities of the Maven and Gradle build tasks to offer insights into code quality through popular code analysis tools. We are pleased to announce additional much-requested features that we are bringing to these tasks, which will make it easier to understand and control… Read more

Live architecture dependency validation in Visual Studio “15” Preview 5

In the past year, you told us that you considered removing unwanted dependencies to be an important part of managing your technical debt. The Layer designer enables you to validate architectural dependencies in your Visual Studio solutions. It first shipped in Visual Studio 2010, and is now part of Visual Studio Enterprise. But the experience… Read more

Maven and Gradle build task support Checkstyle analysis

A few sprints ago we enabled SonarQube and PMD analysis on the Maven and Gradle tasks. We continue to add code analysis tooling to the Java build tasks with Checkstyle support for Gradle, and – in a few days – for Maven. Checkstyle Analysis Checkstyle is the analyzer of choice for enforcing a coding standard. It is a… Read more

Gradle build task now also supports PMD analysis

Last month, we enabled support for PMD analysis in the Maven build task (see The Maven build task now supports PMD analysis out of the box). This is now the turn of Gradle. PMD Analysis with Gradle You can now request a PMD analysis in the Gradle build task using the new “Run PMD Analysis”… Read more

Managing Technical Debt planning update – 2016Q3

[Nov 2016: Added a status Update with links on details for what was done]   Back in January, I shared with you our SonarQube integration Update and plans for the first half of 2016. I’ve just updated that blog post to ensure that all the links were added to the individual blog posts for the… Read more

The Maven build task now supports PMD analysis out of the box

Simple Java static analysis tools In addition to working on the SonarQube integration, we received feedback from some of you that you would like the Maven and Gradle tasks to perform static analysis using common Java tools such as PMD, CheckStyle, and FindBugs. These tools are also supported though SonarQube plug-ins, and most of their… Read more