Gendarme is a extensible rule-based tool to find problems in .NET applications and libraries. Gendarme inspects programs and libraries that contain code in ECMA CIL format (Mono and .NET) and looks for common problems with the code, problems that compiler do not typically check or have not historically checked.

Gendarme uses the Cecil library to introspect code.

Why ?

1. Because we often repeat our mistakes. The biggest one being not to review things we know;
2. Because it's a lot funnier (and safer) to write a rule than to review millions of source lines of code (SLOC) to ensure it's being followed.

History

Gendarme was originally created by Sebastien Pouliot to assist in the security auditing process in Mono. Aaron Tomb later integrated his .NET bug-finding code (supported by the 2005 Google Summer of Code, GSoC) into the same framework. Since then the number of contributors (http://anonsvn.mono-project.com/source/trunk/mono-tools/gendarme/AUTHORS) and rules has been growing.

Gendarme tasks has proven popular in GSoC (http://code.google.com/soc/2008/) (three projects in 2007, one in 2008) and the new Google Highly Open Participation (http://code.google.com/opensource/ghop/2007-8/) (GHOP) with 17 tasks (totalling 40 rules) for the first edition (2007/2008).

Runners

Gendarme's rules are executed against user code by using a 'runner'. This is the application responsable to load the rules, user assemblies, analysis and finally reporting defects. Gendarme currently ships with two different runners.

Console

A console-based runner is available to use Gendarme, and the rules, on your own compiled code. It is capable to output its results directly on the console, into XML files or into nice looking HTML reports. This runner is the one that includes the most options.

man gendarme

will provide help about all options available from the console runner.

Wizard

A GUI (System.Windows.Forms) runner is also part of the Gendarme distribution. This is a simple, wizard-based, runner that allows you to select assemblies, rules and report the analysis results just like the console runner does (i.e. text, xml or html reports). However it has fewer options (to remain simple) than the console runner.

CruiseControl.NET

Daniel Nauck (http://www.mono-project.de/) (dna on IRC) contributed Gendarme support for CC.NET (http://confluence.public.thoughtworks.org/display/CCNET/Welcome+to+CruiseControl.NET). You can find the documentation here (http://confluence.public.thoughtworks.org/display/CCNET/Using+CruiseControl.NET+with+Gendarme). Note: The Gendarme task will be available after the (CC.NET) 1.4.3 release.

NAnt

Néstor Salceda (http://nestor.babuine.net/), a long time Gendarme contributor, has released a first preview version of a NAnt (http://nant.sourceforge.net/) task-based runner. A screencast (http://nestor.babuine.net/wp-content/uploads/2008/10/gendarme-nant.ogg) showing it in action is available. The preview can be downloaded from Gendarme's Google Group files section (http://groups.google.com/group/gendarme/files).

Daniel Nauck (dna) also created a NAnt task for Gendarme. Unlike the previous one this is not a runner itself but calls the console runner, which reduce the build dependencies.

Rules

Gendarme is modular and load all of it's rules from assemblies, i.e. there are no hard-coded, static, rules.

For the console runner the list of loaded rules assemblies is defined in the rules.xml configuration file and can be adapted to different needs (e.g. project specific rules). The wizard runner will display every rules present in it's installation directory.

Current rules are divided into the following categories/assemblies:

• Gendarme.Rules.BadPractice
• Gendarme.Rules.Concurrency
• Gendarme.Rules.Correctness
• Gendarme.Rules.Design
• Gendarme.Rules.Design.Generic (new in 2.2)
• Gendarme.Rules.Design.Linq (new in 2.2)
• Gendarme.Rules.Exceptions
• Gendarme.Rules.Interoperability
• Gendarme.Rules.Maintainability (new in 2.0)
• Gendarme.Rules.Naming
• Gendarme.Rules.Performance
• Gendarme.Rules.Portability
• Gendarme.Rules.Security
• Gendarme.Rules.Security.Cas (new in 2.2)
• Gendarme.Rules.Serialization (new in 2.0)
• Gendarme.Rules.Smells
• Gendarme.Rules.Ui

Download

Linux

• Since Mono 1.9 Gendarme is part of mono-tools and is available on most recent distributions
• Packages for many distributions and, from time to time, even preview versions are also available from the openSUSE Build Service (http://software.opensuse.org/search?baseproject=ALL&p=1&q=mono-tools)

Windows

• A Win32 installer (msi) is available on the Ohloh (http://www.ohloh.net/projects/gendarme/download?package=Win32+installer) web site.

Binaries only (multiplatform)

• A ZIP file that contains the latest binaries and configuration files is also available on the Ohloh (http://www.ohloh.net/projects/gendarme/download?package=Binaries) web site. This requires Mono 2.0 or the .NET framework 3.5 to be installed to execute properly.

Source Code

• Tarball (http://anonsvn.mono-project.com/viewcvs/trunk/mono-tools/gendarme.tar.gz?view=tar) from SVN (trunk); or
• Browse SVN (http://anonsvn.mono-project.com/source/trunk/mono-tools/gendarme/) for individual files

Other Cool Stuff

• NAnt task runner (http://groups.google.com/group/gendarme/files)

Resources

• What's planned ? Gendarme.Roadmap
• What's happening ? You can read real-time news on Gendarme's development on its Ohloh's journal (http://www.ohloh.net/projects/gendarme/messages).

Getting Help

• A list of frequently asked questions can be found in Gendarme.FAQ.
• If you wish to develop rules, or hack on Gendarme itself, then you can find some basic answers on this FAQ.
• You are welcome to participate in Gendarme's discussions on it's Google Group (http://groups.google.com/group/gendarme). This group is used for both users and developers of Gendarme.
• Gendarme's fans are also present on IRC (#gendarme on GIMPnet).

Feedback

Please report any documentation errors, typos or suggestions to the Gendarme Google Group (http://groups.google.com/group/gendarme). Thanks!