The guys at NDepend reached out to me earlier this year to offer a chance to evaluate their product. Having self described itself as The “Swiss Army Knife” for .NET Developers, Architects and Teams, I was pretty intrigued. Not being one to turn down free stuff, I agreed and finally got around to having a play around this weekend. Below are the results of my investigation. I am using Visual Studio 2019 v16.7.2.
What is NDepend?
When strangers on the internet reach out and offer me free stuff, my default thought is that something nefarious is afoot. It would be amiss if I didn’t perform some sort of due diligence. I did some poking around and came to the conclusion that NDepend is:
- Written and maintained by Patrick Smacchia (Patrick is a Microsoft MVP)
- Owned by Zen Program Ltd, which is registered in Maritius
- Blogged about multiple times by some well known developers
This was about the extend of my due diligence. Let’s be honest, someone who is handing out product evaluations for a C# code analyser is probably trying to increase their userbase rather than steal my data (and joke’s on you if you are Patrick, because I have nothing worth stealing). In his email, Patrick writes the below:
NDepend is a static analyzer 100% integrated in Visual Studio and Azure DevOps that simplifies managing a complex .NET code base.
OK, cool. Sounds like we’re dealing with some type of code quality tool. This is different to the .NET tools I’ve previously used which are mainly runtime profilers from RedGate and JetBrains. Profilers are used to detect issues and potential optimisations to code at runtime. The idea behind NDepend looks like it analyses your code based on configured rules to help a developer increase the quality of their code by detecting rule violations at an early stage. This should increase maintainability, reduce technical debt, and also help you code cleanly with fewer bugs.
Downloading and installing was relatively straightforward, as well as registering the product with my license key. After it was installed, I could see it available under the Extensions menu.
Unfortunately I did’t have a large enough personal project to test the tool on, as most code I write belongs to my employer. Instead, I downloaded the source code of the dotnet coreclr from GitHub to see what the tool thinks of the Microsoft code base. (Let’s hope it’s good).
NDepend allows you to create an NDepend poject to add to your solution file. This will allow you to run your code analysis and take snapshots at points in time for comparison. It also allows you to analyse solutions and DLLs ad-hoc if you don’t want to add more files to your code base. Handy if only one team member has a license, such as the team lead or dev manager.
The .NET coreclr contains a lot of code, so I decided to run the analysis on the System.Private.CoreLib solution, which contains the guts of .NET, such as core types and functions. After you run analysis on your project, you are presented with the menu above. There are three main options that you can explore, and I will go through each below.
The dashboard contains a lot of information which is relatively intuitive as a summary page. As you can see below, the System.Private.CoreLib has relatively high technical debt. In fact, according to NDepend it would 498 days for me to get this code to an A standard. Handy if you need to estimate how much resource to throw at a tech debt cycle. I had suspected that technical debt would be relatively high, as the .NET Core libs have evolved over such a long
time. Anyway - so far, so good.
Looking at a few of the other metrics, I can see that System.Private.CoreLib has a whole load of issues according to this tool. By clicking on the number next to the labels, you can drill into the results on a separate panel. I found that being able to focus on just Critical and Fail violations quite handy, and imagine it would be useful if you were going to target specific
This panel allows you to drill further into each rule violation, and tell you exactly where in your code this was found. In fact, by expanding and hovering over the item, you get even more information in the form of a popup tooltip. By double-clicking the line, it will even take you to the right file in your editor (I imagine this uses some sort of PDB magic). I won’t delve too much more into this, but judging from the code - it looks like Microsoft isn’t running as tight a ship as I once thought.
NDepend comes with a dependency graph implementation. It’s nothing special, but neat to have bundled in with the extension. You can see from the picture below that it’s not particularly great when visualising large libraries, but I imagine it would be fine on your average enterprise application.
It has the usual functionality, like double-clicking on a component to make it the centre of the universe, with caller/callee dependencies from it’s perspective. One of the cooler features is to be able to right-click and jump to source. I also like the infinite zoom functionality, and can only imagine what a headache it was to get the vector graphics and spline implementation to work.
A much cooler feature is the built in dependecy matrix. Whilst the graph is a good visual representation, the matrix allows a much more precise drilldown through namespace / class / method. This is good if you know exactly what you are looking for. It will also tell you the amount of dependencies and references, and allows you to jump to the relevant place in your visual dependency graph.
The coolest part of NDepend for me, was being able to see how the tool works by going through the Queries and Rules explorer. Each rule is written in a Linq like language dubbed CQLinq. There is the ability to edit the existing rules to suit your needs, or add new ones if you have specific requirements for your code quality. Anyone who knows me will know that I love config driven software, and this is no exception.
You have the ability to create rule groups, assign matching criteria, criticality, and debt metrics. It even seems to re-evalutate on the fly once rules are changed. Even though I got this tool for free, it feels like they’ve bundled in a free gift with infinitely extensible software.
I should note that there are other features of this tool that are bundled in such as a Code Metrics view (basically a TreeMap with size corresponding to number of lines of code). It can also generate reports with the same information as the Dashboard - which is probably useful if you run the tool as part of your Azure / TFS build pipeline. You can even get different flavours of the tool to integrate with the CI/CD tool of your choice (Jenkin, Bamboo, TeamCity, etc).
Trialling this tool on Microsoft’s .NET Core source code was probably not the smartest thing to do, but it certainly demonstrated that the tool is performant even on the largest of libraries. I can see that when used appropriately, it will give positive steer to your code quality. By catching these issue early, you end up with a high quality code base that is hopefully easier to maintain in the future. It should also simplify your code somewhat, and make it easier to catch those bugs that are hard to track down. Now if only I hadn’t just taken a job as an R / Python developer…