How can we use VS2012 Static Analysis Rules with FxCop 10 Standalone

Question

We're struggling to get some rules that work fine in the VS2012 code analysis tool, to appear in FxCop 10.

Specifically we're trying to get CA2100 - "Review sql queries for security vulnerabilities"

We've tried adding the DLLs from VS2012 (11) but it doesn't seem to work.

Our goal is to ultimately run the VS2012 ruleset as part of a TeamCity build, so we'll probably end up with the cmd line version, but our build agents do not have vs installed and hence we need to use the standalone version.

Any help much appreciated dan

Answer 1

The VS 2012 rule assemblies are compiled against a different version of the FxCop core assemblies than FxCop 10 (which is the same as that used for VS 2010), so no. However, if your goal is to run this as part of an automated build, the version of fxcopcmd.exe (plus its dependencies) found in your VS 2012 installation should work fine on your build server. Licensing considerations may, however, apply.