Integrate NDepend into your .Net Core projects !

Introduction

In computer science and software engineering in particular, software quality is an overall assessment of software, based on many indicators.

The completeness of the features, the correction and precision of the results, the reliability, the fault tolerance, the facility and the flexibility of its use, the simplicity, the extensibility, the compatibility and the portability, the facility of correction and transformation, the performance, consistency and integrity of the information it contains are all quality factors.

In software engineering, factorization of data and code is the universal means of obtaining quality.

We will talk in this article about NDepend, a tool to help software developers to achieve a high level of quality of their programs.

What is NDepend ?

 

NDepend was created by Patrick Smacchia in 2004, it became commercial in 2007 and evolved a lot since.

It does static code analysis for .NET and you can try it free for 14 days.

NDepend can be used in standalone or integrated Visual Studio mode.

This tool gives you one-click access to many metrics in your code with a graphical representation. Interesting!

With the dashboard the most interesting feature of NDepend is the query language on which it is built: CQLinq

But before let’s take a look on the installation process.

Installation

Installing the NDepend extension for Visual Studio is really easy, download it and install like this by clicking on Visual Studio Extension Installer and then select the Visual Studio version you to install on:

The great thing about NDepend is the ease with which you can get started and the excellent documentation available in their website. There are online videos, tutorials, screenshots, step by step explanations and you cannot go wrong with it.

For more details you can go here for: https://www.ndepend.com/docs/getting-started-with-ndepend#Tuto

Running NDepend

You can run NDepend in standalone with VisualNDepend.exe executable (in the same installation directory than the Visual Studio Extension executable) or run the extension in Visual Studio from the menu:

When you expend the menu you can access to NDepend features.

Let’s see how Dashboard looks like:

On the same screen, NDepend provides many many metrics like :

  • Technical Debt
  • Lines of code
  • Comments
  • Issues
  • Programming rules
  • Code coverage
  • Quality gates
  • And more other features

It provides really huge analysis of your code, you can at anytime take a look at a little summary and recompute your dashboard by clicking on the colored circle at bottom right of your screen, very convenient!

 

Let’s see another crazy feature of NDepend:  CQLinq

CQLinq, which stands for Query Code LINQ, is a query language that you can execute on an abstract model of your code. In concrete terms, you can query your code the same way you would query the views or tables of a database. For example, to search all class constructors, I wrote the following query:

from m in Methods 
where m.IsConstructor
select m

If you want to write your query, go on the NDepend menu, select “Rules” and View “Editor Panel“:

It open a little window where you can type your query, at the same time, the result is displayed at the bottom, nice isn’t it? 🙂

 

There is also VSTS integration:

You can integrate NDepend to your TFS CI/CD process by leveraging a VSTS extension and adding it to your build definition. You can also define a Quality Gate for your project, and fail the build when code quality is not met.

There are also TeamCity, Jenkins, SonarQube and FinalBuilder integration if you don’t use VSTS.

Conclusion

I did not introduce every features of NDepend because it’s a very big and complete product, I chose the most interesting features according to me.

I didn’t precise that all NDepend results can be diff-ed since a baseline:  https://www.ndepend.com/docs/code-diff-in-visual-studio

I didn’t dig into Technical-Debt capabilities:
https://www.ndepend.com/docs/technical-debt that NDepend has facilities to explore dependencies with code graph and DSM (Dependency Structure Matrix)
https://www.ndepend.com/docs/visual-studio-dependency-graph
https://www.ndepend.com/docs/dependency-structure-matrix-dsm
https://www.ndepend.com/docs/cqlinq-features#Dependencies that NDepend can import code coverage data and use it in some rule…
https://www.ndepend.com/docs/treemap-visualization-of-code-metrics#Color

I honestly think NDepend is very powerful and very easy to use. The CQLinq language and the NDepend dashboard are in fact the best features of the tool and in addition I have found nothing equivalent at this level.

However, because NDepend doesn’t correct code for you, I suggest to keep using Resharper that can work in synergy with NDepend. There are few overlap between the NDepend and Resharper rules-sets, while Resharper is more focused on details inside methods body, NDepend focuses more on code structure and overall quality.

The NDepend team is very active and we can expect a lot of good developments in future versions.

I thank Patrick Smacchia, for giving me the opportunity to test his product that I find really excellent.

Patrick when a NDepend-like for SPAs ? 😉

Angular 6: What’s new?

The final version of Angular 6 is now available!

 

New rendering engine: “Ivy”

In the race for performance led by Google with each new version, Angular 6 brings nothing less than a brand new rendering engine, named “Ivy”!

This new engine promises faster compilation, reduced bundle size, better debugging, and more flexibility, while remaining backward-compatible (so you do not have to specifically modify your apps to take advantage of of these benefits).

There are few benchmarks on the subject, but there is an example of application “Hello World” whose size is barely 3.3ko (compressed) against nearly 50ko without this new engine, which promises a significant improvement performs !

However, this new engine is not yet fully compatible and will probably not be compatible with the final release of Angular 6.0.0. To be able to test it, you have to activate it via the enableIvy flag in the compilation options.

Simplified updates

Angular CLI, the command-line tool that makes it possible to generate an Angular application, will offer in its new version (Angular CLI 1.7) a new “ng update” command to automatically update the dependencies of an application.

Note that this new feature is based on Schematics, the tool to transform a project by generating new components or changing its sources.

Component Dev Kit (CDK)

Although not quite new to Angular 6 (existing since Angular 5.1), the CDK (Component Dev Kit) is a component development kit. It is the heart of the Angular Material component library, and allows you to create your own components without reinventing the wheel, while benefiting from the best practices implemented by Google in Angular Material.

It is thus possible to create quite simply its own floating panels (to create for example a context menu, a drop-down list or a tooltip), personalized tabs or tables of data starting from the basic components of the CDK.

Version 6 provides a new tree component for managing trees.

Angular Elements

Being able to create your own components is good, but being able to share them between different projects is even better! It is to meet this need that Google offers “Angular Elements”.

Angular Elements will package Angular components as Web Components.

As a reminder, the Web Components are a standard (https://www.webcomponents.org/specs) allowing in particular to create its own HTML components (called “Custom Elements”). Supported natively by most recent browsers (or via the use of polyfills for others), they make it possible to create truly reusable components that are independent of the development framework used (Angular, React, Vue, etc.).

Angular Elements will allow for example to create reusable Angular components in a React application.

Service Workers and PWA

Progressive Web Apps (PWA) are web applications that can work offline, manage push notifications or even be “installed” on the home of smartphones, like a mobile application.

For the creation of PWA, since Angular 5, the framework allows the management of Service Workers (key component of PWA).

In Angular 6, the implementation of Service Workers will benefit from patches and some new features like the ability to uninstall a Service Worker.

Other news

RxJS, the library for responsive programming by manipulating asynchronous data feeds, will be updated to version 6. For those who do not know RxJS, Angular provides a user guide.

RxJS 6 will reduce even more the size of the bundles.

TypeScript, the typed JavaScript programming language used by Angular, will be updated to version 2.7. You will find all the news of this version here.

Angular Buildtools Convergence (ABC): Google wants to offer its internal tools for everyone to builder Angular applications “as Google does.” For this, Google will propose a new build tool named Bazel. This tool should in particular make it possible to not completely recompile an application with each modification but only the impacted code, thus making it possible to significantly improve the compilation time.

Conclusion

Angular 6 brings many new features to boost application performance and speed up compilation times.

New features around components such as CDK and Angular Elements should also make it much easier to create libraries of reusable components in different projects and even with different frameworks.

Improved Service Workers will also enable Progressive Web Apps to consistently deliver a mobile experience that rivals native apps.

Deprecation of SSL / TLS 1.0

Introduction

This article is based on the following article: https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commerce partners or customers who haven’t yet started the migration away from SSL/early TLS to a more secure encryption protocol? Read on for key questions and answers that can help with saying goodbye to SSL/early TLS and reducing the risk of being breached.

What’s happening on 30 June 2018?

30 June 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.

What is SSL/early TLS?

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems, and protect the confidentiality and integrity of information that passes between systems. It was originally developed as Secure Sockets Layer (SSL) by Netscape in the early 1990s. Standardized by the Internet Engineering Taskforce (IETF), TLS has undergone several revisions to improve security to block known attacks and add support for new cryptographic algorithms, with major revisions to SSL 3.0 in 1996, TLS 1.0 in 1990, TLS 1.1 in 2006, and TLS 1.2 in 2008.

What is the risk of using SSL/early TLS?

There are many serious vulnerabilities in SSL and early TLS that left unaddressed put organizations at risk of being breached. The widespread POODLE and BEAST exploits are just a couple examples of how attackers have taken advantage of weaknesses in SSL and early TLS to compromise organizations.

According to NIST, there are no fixes or patches that can adequately repair SSL or early TLS. Therefore, it is critically important that organizations upgrade to a secure alternative as soon as possible, and disable any fallback to both SSL and early TLS.

Your .NET Code Could Stop Working

What code is impacted?

  • Targets .NET Framework 4.0 or 4.5
  • Uses .NET’s built-in communication framework (HttpClient, HttpWebRequest, etc)
  • Uses default security protocols

What will happen?

If your client code has only SSL 3 and TLS 1.0 enabled when attempting to securely communicate with a server that has only TLS 1.1 and/or TLS 1.2 enabled… it simply won’t work (SocketException). Both server and client must have at least one matching protocol enabled in order to communicate.

What are some options to fix it?

  1. Update your code to explicitly enable the newer protocols.
    This is the option we’re going to explore.
  2. Update your project to target .NET Framework 4.6 or newer.
    This will enable TLS 1.0, TLS 1.1, and TLS 1.2 by default.
  3. Update the registry as described here to enable secure defaults across all .NET applications on the machine.
  4. Rewrite your code to implement a 3rd-party communication framework.

The option you choose depends entirely on your constraints (time, risk, target operating systems, etc). You may not be able to target .NET 4.6 or modify the registry due to a lack of control on your target platform. You might not want to risk rewriting your codebase and retesting.

Thankfully, the code fix is relatively straightforward if you’re targeting .NET 4.5
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

This will ensure that TLS 1.1 and TLS 1.2 are enabled in addition to the system defaults. You can set this once at the beginning of your application to affect all connections in the current AppDomain.

What if I’m targeting .NET 4.0?

Unfortunately, the Tls11 and Tls12values are not defined in .NET 4.0’s version of the SecurityProtocolType enum.

However, if .NET 4.5 or newer is installed on the system, the following code will work at runtime:

using System;
using System.Net;
using System.Reflection;
using System.Runtime.Versioning;

namespace ProtocolCheck {
    class Program {
        static void Main(string[] args) {
            var assembly = Assembly.GetExecutingAssembly();
            var attributes = assembly.GetCustomAttributes(typeof(TargetFrameworkAttribute), false);
            var version = (TargetFrameworkAttribute)attributes[0];

            Console.WriteLine($"Target Framework: {version.FrameworkDisplayName}");

            SecurityProtocolType flag;
            if (Enum.TryParse("Tls11", out flag))
                ServicePointManager.SecurityProtocol |= flag;
            if (Enum.TryParse("Tls12", out flag))
                ServicePointManager.SecurityProtocol |= flag;

            Console.WriteLine($"Enabled Protocols: {ServicePointManager.SecurityProtocol}");
        }
    }
}

By default, all versions of Windows starting with Windows 8 ship with .NET 4.5 or newer.

Unfortunately Windows 7 / Server 2008 only ships with .NET Framework 3.5.1. The solutions for applications targeting .NET 3.5.1 are slightly different than what I’ve covered here. You’ll definitely want to look at Microsoft’s patch for Windows 7 / Server 2008 that enables the new protocols for .NET 3.5.1.