csharp: add code quality notes

Marcello 2024-04-10 10:33:50 +02:00
parent fddea60713
commit c45f68184d
No known key found for this signature in database
2 changed files with 502 additions and 441 deletions

@ -3061,3 +3061,49 @@ public T Current { get; }
```cs linenums="1"
public TaskAwaiter GetAwaiter(/* ... */);
```
## Code Quality
### [Code Analysis](https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/overview)
```xml
<PropertyGroup>
<AnalisysMode>All</NugetAuditMode>
</PropertyGroup>
```
| Level | Description |
|:-------------:| -------------------------------------------------------------------------------------------------------------------------------------------------------|
| `None` | All rules are disabled. Can selectively [opt in][code-analysis-options] to individual rules to enable them. |
| `Default` | Default mode, where certain rules are enabled as build warnings, certain rules are enabled as options IDE suggestions, and the remainder are disabled. |
| `Minimum` | More aggressive mode than `Default` mode. Certain suggestions that are highly recommended for build enforcement are enabled as build warnings. |
| `Recommended` | More aggressive mode than `Minimum` mode, where more rules are enabled as build warnings. |
| `All` | All rules are enabled as build warnings*. *Can selectively [opt out][code-analysis-options] of individual rules to disable them. |
[code-analysis-options]: https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/configuration-options "Coda Analysis Configuration Options"
### [Dependency Auditing](https://learn.microsoft.com/en-us/nuget/concepts/auditing-packages)
```xml
<PropertyGroup>
<!-- required -->
<NugetAuditMode>all|direct</NugetAuditMode>
<!-- suggested -->
<NugetAuditLevel>low|moderate|high|critical</NugetAuditLevel>
<!-- optional -->
<WarningsAsErrors>NU1901;NU1902;NU1903;NU1904</WarningAsErrors>
</PropertyGroup>
```
The auditing of dependencies is done during the `dotnet restore` step.
A description of the dependencies is checked against a report of known vulnerabilities on the [GitHub Advisory Database][github-advisory-db].
Audit Mode:
- **all**: audit direct _and_ transitive dependencies for vulnerabilities.
- **direct**: audit _only_ direct dependencies for vulnerabilities.
[github-advisory-db]: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anuget "Github Advisory Database"
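Review bot: both XML snippets in this hunk are malformed, so a reader who pastes them into a project file gets a project that fails to load instead of stricter analysis. Under Code Analysis, `<AnalisysMode>All</NugetAuditMode>` opens a misspelled element and closes it with a different one; it should be `<AnalysisMode>All</AnalysisMode>`. Fixing only the closing tag is not enough, because MSBuild silently ignores an unknown property name and the analyzers would stay at their default level. Under Dependency Auditing, `<WarningsAsErrors>` is closed with `</WarningAsErrors>`; the closing tag needs the same plural name, otherwise the NU1901 to NU1904 audit warnings never become build errors. Two smaller wording points: the link title reads "Coda Analysis Configuration Options", and the `Default` row says "enabled as options IDE suggestions".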

897
poetry.lock generated

File diff suppressed because it is too large