Does anyone have any experience of introducing FxCop to legacy code? We would like to have our build fail if anyone introduces code that violates rules. But for the time being, this is impossible, as the legacy code has over 9000 violations.
The only way to suppress errors I know of is through the SuppressMessage attribute, but that only works on methods, and the GeneratedCodeAttribute. This last one could be used for classes and namespaces (if I recall correctly), but shouldn't be used for non-generated code (see here).
Right now, we take some time each day to remove violations, but new ones keep being introduced, because our build won't fail.
Any ideas?
I have been in a similar situation. I started using FxCop on an existing project some time ago, and had quite a few errors at the start. What I did was to turn off all the rules, then turn on one group at a time, resolving errors as I went.
The Security and Performance groups are a good place to start - they helped me find issues I was not aware of before. Some of the rules are subjective, and may not fully apply to your project, if at all. For example, if internationalization is not an issue, then leave that group turned off. If there are specific rules that do not apply to you, such as naming rules, then turn them off.
If you manage to clear out a set of errors for a certain rule, you can set the build to fail if that rules is violated in the future. So no new errors will creep in.
If it's a project of some size, just go a rule at a time, review the rule's relevance/importance, and either fix the errors or turn the rule off if it does not apply.