Navigating a new codebase can feel like landing on an alien planet. That's where static code analysis tools come in handy; they're akin to software tricorders. They provide a general snapshot of unfamiliar code: Is it normal? Is it unusual? Is it dangerous?
Jeff,
I can’t resist adding DevPartner SecurityChecker to the above list. While it doesn’t cover everything FxCop does, I think it does a much better job on the security front… I’m a little biased though.
I also like NDepend.
The FxCop article you linked to is a good place to start looking at FxCop, but there are a number of more fleshed out articles/sample rules using the introspection engine available.
I really like NDepend. Back in July, I held an XP seminar/workshop where, as part of my “simplicity” discussion, I discussed analyzing and using code metrics to create and maintain simple code. One attendee, Robin Curry, was apparently excited by what I had to say and really took off on his own into using code metrics. He’s even put up quite a few posts on integrating code metric apps, such as NDepend, into the build process. Here is the post where he integrated NDepend into CruiseControl: http://www.robincurry.org/blog/CommentView,guid,3640af37-9a2c-441d-acf9-f79017123cb2.aspx
I just released NDepend 2.0 with some major enhancements such as an interactive view of your application and a language dedicated to query and constrain the structure of your code: Code Query Language. http://www.NDepend.com http://www.ndepend.com/CQL.htm
Check out SemmleCode (http://semmle.com). It’s free, it’s object-oriented, and tightly integrated with Eclipse.
The object-oriented code query language .QL enables superior intellisense (and thus makes writing queries easier), it allows very concise expression of new code queries, and it makes such queries easy to share and re-use.