SharePoint Code Analysis Framework (SPCAF)

Even the best developers can commit blunders; moreover, it’s crucial if you are confident that your coding is flawless. This is no different when developing SharePoint apps. Of course, comprehensive development guidelines are a good way to start, but that also require manual verification and fixes. Wouldn’t life be so much easier if this process could be automated?

Visual Studio has partially responded to this requirement by creating tools which analyze code using code analysis tools. However, while pretty good for general development, Visual Studio doesn’t emphasize on SharePoint specific development guidelines.

To code better, SPCAF (SharePoint Code Analysis Framework) provides the most comprehensive code analysis suite for SharePoint.

• SharePoint solutions (.WSP) for SharePoint 2010/2013/2016
• SharePoint apps for SharePoint 2013/2016/Online

Program Analysis is the analysis of computer software that is performed without actually executing programs. In most cases, the analysis is performed on some version of the Source Code, and in the other cases, some form of the Object Code. The term is usually applied to the analysis performed by an Automated Tool.

Do you trust the code in your SharePoint solutions and apps?

How to do Code Analysis for SharePoint?

SPCAF analyzes the code and answers the questions.


• Analyzes WSPs and Apps
SPCAF can analyze code for all SharePoint versions which are using WSP packages or apps
• Visual Studio Integration
SPCAF is fully integrated into Visual Studio and can be easily started by the developer during the day-to-day development tasks
• Client Application
SPCAF provides a client application which can be used to analyze WSPs and Apps when Source Code is not available
• Reports & Dashboards
A high-level view of the analysis results is provided in a dashboard in the SPCAF client application
• Configurable Rulesets
SPCAF comes with several built in rulesets which can be used directly or as a starting point for own rulesets
• Team Build Support
SPCAF can be integrated into the MS TFS Team Build which helps architects or QA managers to ensure that every SharePoint project is continuously analyzed.

Who can use SPCAF?

The Architect:

• Ensure proper design of solutions
• Enforce coding guidelines and naming conventions
• Detect unwanted artifacts or development ways early
• Ensure that the solution is adhering to architecture

The Developer

• Find errors in code fast and early in development process
• Follow best practices and avoid common pitfalls
• Implement company guidelines, coding conventions and policies

The Quality Manager

• Ensure compliance of custom solutions to internal policies and standards
• Protect the environment from potential security issues
• Ensure quality standards in software development
The Administrator
• Protect the SharePoint environment from potential problems
• Ensure supportability and performance of the environment
• In case of problems find the causing SharePoint package faster and reliable

SPCAF – Benefits & Limitations


• Every member knows what happens in the project.
• Bugs are found faster.
• Optimization methods/ tricks/ productive programs spread faster.
• Programmer as a specialist “evolve” faster.
• Automatic implementation of best practices.
• Better structured code.
• Enforcing company/industrial coding standards.


• It’s a desktop based application, results/reports cannot be centralized or published in the tool.
• Require Server license to integrate with TFS.

To sum up, this tool is a must have for all SharePoint projects if you are serious about the quality of your SharePoint code, at farm and app level, then you need to include this in your SDLC processes, at a developer level, during CI builds, and as a QA gate.

Here are a few things that we learned about SharePoint Framework code analysis:

• Cost: It’s an Open Source.
• Domains: This tool can be used for various domains. WinWire has used SPCAF for BSFI, Retail, Manufacturing and Healthcare industry.
• Versions: SPCAF support for various SharePoint Versions (MOSS 2007, SharePoint 2010, SharePoint 2013, SharePoint 2016 and Office 365 – SharePoint Online (E1, E3 and E5))
• Deployment Options: Support for various solution deployment solution options -Farm Solution, Sandbox and App Model.
• Challenges: We have faced a few challenges in Third Party Components and Farm solutions – Crashing.
• Flexibility: We can detect quickly critical coding errors
• Analysis Report: Zero Error/Bugs – We have shared code analysis report along with WSP files. Some customer will not consider .WSP file without SPCAF report.
• Less Configuration: We do not spend more time for framework configuration.
• Server: No Downtime – We used analysis framework during business hours. It’s not really to use only onnon- business hours.
• Code Quality: Helps to ensure the code quality before delivery to the customer or deploying to Production Environment.
• Integration: Easily to Integrate with Visual Studio – There is not any version conflict or functions compatibility issue.
• Performance: We used for Performance Code Analysis- Most of the customer needs this report from each stages.
• File Format: We can create report in different file formats (,xlsx, pdf).