HOWTO Analyze PowerShell Scripts with PSScriptAnalyzer

Marc Rufer 16 Sep 2016 PowerShell

A few weeks ago we started publishing our PowerShell modules to PowerShell Gallery. After publishing the module biz.dfch.PS.Appclusive.Client the first time we got an email from PowerShell gallery with some code analysis results with severity Error. As written in the email the analysis was performed with a module called PSScriptAnalyzer. We considered the project description and documentation at GitHub and were excited. The PSScriptAnalyzer is a static code checker for Windows PowerShell modules and scripts. It checks the quality of scripts, Cmdlets, module manifest and module definition against a set of rules. The code checker Cmdlet returns code analysis results with different severities including suggestions for improvements.

Last week we played around with the PSScriptAnalyzer by checking the above mentioned PowerShell module ourselves with the PSScriptAnalyzer. The analysis of the diagnostic results revealed, that some of them were false positives. We identified them and then suppressed them. All the other results were very helpful to identify errors, unused variables, missing help in Cmdlets, etc. The non suppressed results got corrected and now there are only a few Warnings left, which we could not suppress.

In the next sections I’ll show you how to install the PSScriptAnalyzer and provide a summary with different usages of the Invoke-ScriptAnalyzer Cmdlet

Installation/Setup

The easiest way to install the PSScriptAnalyzer is, by using the Install-Module Cmdlet of PowerShellGet in combination with PowerShell 5.

Install-Module -Name PSScriptAnalyzer

Analyze

Analyze a single PowerShell file

Invoke-ScriptAnalyzer -Path PATH_TO_SCRIPT_FILE

Analyze all PowerShell files in a specific folder and its sub folders
```
Invoke-ScriptAnalyzer -Path PATH_TO_SCRIPT_FOLDER -Recurse
```

Exclude some rules from the analysis

Invoke-ScriptAnalyzer -Path PATH_TO_SCRIPT_FOLDER -Recurse -ExcludeRule "PSAvoidUsingCmdletAliases", "PSAvoidGlobalVars"

Do analysis by applying only one specific rule

Invoke-ScriptAnalyzer -Path PATH_TO_SCRIPT_FOLDER -Recurse -IncludeRule "PSAvoidGlobalVars"

Suppress

False positives can be suppressed by decorating scripts/functions with .NET’s SuppressMessageAttribute's. For more details see here

Conclusion

After palying around with PSScriptAnalyzer I started doing the analysis as part of code reviews. As a next step I’ll check how I could easily integrate the PSScriptAnalyzer into our publishing process on TeamCity. I’ll write another blog post about that as soon as I have integrated it.

comments powered by Disqus

Posts

HOWTO Access Azure File Share in PowerShell Script executed by a Scheduled Task BUG "Task Scheduler service is not available" Error, if specifying Network Connection Condition HOWTO Sync OneDrive on Server even if Windows User not logged in HOWTO Access Microsoft Access Database with PowerShell Get NetworkCredential from PSCredential splits Username into Username and Domain HOWTO Create LocalDB File (.mdf) manually in Visual Studio 2015 HOWTO Set Cookie Header on DefaultRequestHeaders of HttpClient HOWTO Set up PowerShell Remote Session Configuration HOWTO Analyze PowerShell Scripts with PSScriptAnalyzer HOWTO Sign PDF with SuisseID NoBrainer PUT/PATCH/MERGE with OData Service Client Apply Commit from one Repository to another GitHub Repository creation with PowerShell HOWTO Sign PowerShell Script with SuisseID Swissunihockey game schedule PDF generator HOWTO Maven Release on JetBrains TeamCity Limitations when running Activiti in H2 Embedded Mode HOWTO Pylint Integration in IntelliJ 14 HOWTO Install Windows 10 IoT Core on Raspberry PI 2 from a VM First steps with Dropwizard Allman code style for IntelliJ First steps with Flyway IntelliJ - Setup custom inspection profiles Configuration properties meta-data support in IntelliJ AMQP Integration with spring integration OCA Java SE 7 Programmer I Certification Guide Swissunihockey key matcher Swisscom SMS-API-Client Some hints concerning logging with Log4j IFTTT A brilliant service Run deltacloud on a VirtualBox-VM Project specific maven settings in IntelliJ AngularJS Javascript for beginners Liferay in Action