Do you use the Code Health Extensions in Visual Studio?
Last updated by Brady Stroud [SSW] 8 months ago.
The code quality standard should extend the Visual Studio Analyzer. A wide variety of additional analyzers can be included via NuGet; the minimum standard should include Roslyn Security Guard.
Related Steps to Code Health
- Do you use the Code Health Extensions in VS Code?
- Do you run the Code Health checks in your VisualStudio.com Continuous Integration Build?
Which Packages to Install in Visual Studio
Search for and install the NuGet packages:
- "Roslyn Security Guard" (NuGet page for Roslyn Security Guard) - Security audit on .NET applications.
Issues from these will now be returned in the Visual Studio analyzer error list.
Your goal should be to get the issues in a solution down to zero.
If you believe the issues being raised are not important, please check the section below which outlines how to change the ruleset.
Modify Visual Studio Analysis Ruleset
The goal is to develop a shared ruleset across projects. This will ensure the same standard and quality of code is maintained across all of the company's projects.
Any project-specific rules should be documented in "_docs\Instructions-CodeHealth.md", which is to be kept in the solution as per the rule "Do you make awesome documentation?"
You can configure the severity of analyzer rules in an EditorConfig file.
Follow the rule "Do you keep your code consistent using .editorconfig?" to add an EditorConfig file to your project or solution.
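Because severities live in a text file, a shared ruleset can be audited for security rules that a project has quietly turned down. The script below is an added example, not code from SSW or the analyzer project; the `SG` rule-ID prefix, the function name and the sample file are assumptions constructed for illustration.

```python
import re

# Severities below "warning": these do not surface as build warnings or errors.
WEAK = {"none", "silent", "suggestion"}

# Matches lines such as: dotnet_diagnostic.<RULE_ID>.severity = <severity>
RULE = re.compile(r"^dotnet_diagnostic\.([A-Za-z]+\d+)\.severity\s*=\s*(\w+)", re.I)


def weakened_rules(editorconfig_text, prefix="SG"):
    """Return [(section, rule_id, severity)] for rules with the given ID
    prefix (assumed: SG for the security analyzer) set below 'warning'."""
    findings, section = [], "(preamble)"
    for raw in editorconfig_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line  # remember which file glob the override applies to
            continue
        m = RULE.match(line)
        if m and m.group(1).upper().startswith(prefix.upper()):
            severity = m.group(2).lower()
            if severity in WEAK:
                findings.append((section, m.group(1).upper(), severity))
    return findings


# Constructed sample .editorconfig; the rule IDs are illustrative only.
SAMPLE = """\
root = true

[*.cs]
dotnet_diagnostic.SG0001.severity = error
dotnet_diagnostic.SG0005.severity = none   # project override
dotnet_diagnostic.CA1822.severity = suggestion

[tests/**.cs]
dotnet_diagnostic.SG0006.severity = silent
"""

if __name__ == "__main__":
    for section, rule, severity in weakened_rules(SAMPLE):
        print(f"{section}: {rule} downgraded to '{severity}'")
```

Any rule this reports should either be restored to `warning` or `error`, or have its justification recorded in "_docs\Instructions-CodeHealth.md".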