Using Parameters for SQL Server Queries and Stored Procedures
https://stackoverflow.com/questions/45064204/c-sharp-sql-server-add-parameter-to-query
https://csharp-station.com/Tutorial/AdoDotNet/Lesson06
Visual Studio Code Analysis
- Analyze code to see the report & suppress messages
- Review SQL queries for security vulnerabilities: Using parameters in SQL Queries + Stored Procedure
- Code analysis
- How to find unused code
- How to find redundant code
- How to find duplicate code
List of tools for static code analysis
ReSharper: https://www.jetbrains.com/resharper/ (ReSharper makes Visual Studio a much better IDE - Code analysis, Refactorings, Navigation and search, Code generation)
ReSharper CommandLineTools: GOOD
SonarSource: https://www.sonarsource.com/ (Continuous Code Quality - We solve problems that virtually every company developing software is facing)
- Axivion Bauhaus Suite – A static code analysis tool suite for Ada, C, C++, C#, and Java code that performs various analyses such as architecture checking, interface analyses, MISRA checking, and clone detection.
- Code Dx – Software application vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Supports C, C++, C#, Java, JavaScript, JSP, PHP, Python, Rails, Ruby, Scala, VB.NET and XML/XSL.
- ConQAT – Continuous quality assessment toolkit that allows flexible configuration of quality analyses (architecture conformance, clone detection, quality metrics, etc.) and dashboards. Supports Java, C#, C++, JavaScript, ABAP, Ada and many other languages.
- Coverity – A static analysis tool for C, C++, C#, Objective-C, Java, JavaScript, Node.js, Ruby, PHP, & Python.
- Kiuwan – Software Analytics end-to-end platform for static code analysis and automated code review. It covers defect detection, application security & IT Risk Management, with enhanced life cycle and application governance features. Support for over 20 languages, including Objective-C, Java, JSP, JavaScript, PHP, C, C++, ABAP, COBOL, JCL, C#, PL/SQL, Transact-SQL, SQL, Visual Basic, Visual Basic .NET, Android (operating system).
- Micro Focus Enterprise Analyzer and COBOL Analyzer. Static code analysis and visualization tools for legacy and mainframe applications. Analyze code in different languages including COBOL, PL/I, Natural, RPG, Java, Assembler, Easytrieve, VB, C/C++, PL/SQL, C#, VB.NET, KornShell, Job schedulers and more.
- SonarQube – A continuous inspection engine that finds vulnerabilities, bugs and code smells. Also tracks code complexity, unit test coverage and duplication. Supported languages: ABAP, Android (Java), C, C++, CSS, Objective-C, COBOL, C#, Flex, Forms, Groovy, Java, JavaScript, Natural, PHP, PL/SQL, Swift, Visual Basic 6, Web, XML, Python, Ruby, Go, Scala, Kotlin, Apex.
- Parasoft dotTEST – A static analysis, unit testing, and code review plugin for Visual Studio; works with languages for Microsoft .NET Framework and .NET Compact Framework, including C#, VB.NET, ASP.NET and Managed C++.
- Sonargraph – Supports C#, Java and C/C++ with a focus on dependency analysis, automated architecture check, metrics and the ability to add custom metrics and code-checkers.
- StyleCop – Analyzes C# source code to enforce a set of style and consistency rules. It can be run from inside of Microsoft Visual Studio or integrated into an MSBuild project.