About Help

Choose a topic from the list on the left or search for a specific topic. Choose a topic from the list or search for a specific topic.
Cmdlets  Providers  Aliases  Modules
 

about_PSScriptAnalyzer

Psscriptanalyzer

PSScriptAnalyzer
         

SHORT DESCRIPTION

        PSScriptAnalyzer is a static code checker for PowerShell script. 
 

LONG DESCRIPTION

        PSScriptAnalyzer checks the quality of Windows PowerShell script by evaluating 
        that script against a set of rules.  The script can be in the form of a 
        stand-alone script (.ps1 files), a module (.psm1, .psd1 and .ps1 files) or 
        a DSC Resource (.psm1, .psd1 and .ps1 files). 
         
        The rules are based on PowerShell best practices identified by the  
        PowerShell Team and the community. These rules can help you create more  
        readable, maintainable and reliable scripts. PSScriptAnalyzer generates  
        DiagnosticResults (errors and warnings) to inform you about potential script  
        issues, including the reason why there might be an issue, and provide you   
        with guidance on how to fix the issue. 
 
        PSScriptAnalyzer is shipped with a collection of built-in rules that check  
        various aspects of PowerShell code such as presence of uninitialized  
        variables, usage of the PSCredential Type, usage of Invoke-Expression, etc. 
          
        The following additional functionality is also supported: 
         
        * Including and/or excluding specific rules globally 
        * Suppression of rules within script 
        * Creation of custom rules 
        * Creation of loggers 
         

RUNNING SCRIPT ANALYZER

 
        There are two commands provided by the PSScriptAnalyzer module, those are: 
         
        Get-ScriptAnalyzerRule [-CustomizedRulePath <string[]>] [-Name <string[]>]  
                               [-Severity <string[]>]  
                               [<CommonParameters>] 
 
        Invoke-ScriptAnalyzer  [-Path] <string> [-CustomizedRulePath <string[]>]  
                               [-ExcludeRule <string[]>] [-IncludeRule<string[]>]  
                               [-Severity <string[]>] [-Recurse] [-SuppressedOnly]  
                               [<CommonParameters>] 
 
        To run the script analyzer against a single script file execute: 
         
        PS C:\> Invoke-ScriptAnalyzer -Path myscript.ps1 
         
        This will analyze your script against every built-in rule.  As you may find 
        if your script is sufficiently large, that could result in a lot of warnings 
        and/or errors. See the next section on recommendations for running against 
        an existing script, module or DSC resource. 
         
        To run the script analyzer against a whole directory, specify the folder 
        containing the script, module and DSC files you want analyzed.  Specify 
        the Recurse parameter if you also want sub-directories searched for files  
        to analyze. 
         
        PS C:\> Invoke-ScriptAnalyzer -Path . -Recurse 
         
        To see all the built-in rules execute: 
         
        PS C:\> Get-ScriptAnalyzerRule 
         

RUNNING SCRIPT ANALYZER ON A NEW SCRIPT, MODULE OR DSC RESOURCE

 
        If you have the luxury of starting a new script, module or DSC resource, it 
        is in your best interest to run the script analyzer with all the rules  
        enabled.  Be sure to evaluate your script often to address rule violations as  
        soon as they occur.   
         
        Over time, you may find rules that you don't find value in or have a need to  
        explicitly violate.  Suppress those rules as necessary but try to avoid  
        "knee jerk" suppression of rules.  Analyze the diagnostic output and the part 
        of your script that violates the rule to be sure you understand the reason for  
        the warning and that it is indeed OK to suppress the rule.  For information on  
        how to suppress rules see the RULE SUPPRESSION section below. 
         

RUNNING SCRIPT ANALYZER ON AN EXISTING SCRIPT, MODULE OR DSC RESOURCE

 
        If you have existing scripts, they are not likely following all of these best  
        practices, practices that have just found their way into books, web sites,  
        blog posts and now the PSScriptAnalyer in the past few years. 
         
        For these existing scripts, if you just run the script analyzer without 
        limiting the set of rules executed, you may get deluged with diagnostics 
        output in the form of information, warning and error messages.  You should  
        try running the script analyzer with all the rules enabled (the default) and 
        see if the output is "manageable".  If it isn't, then you will want to "ease  
        into" things by starting with the most serious violations first - errors. 
         
        You may be tempted to use the Invoke-ScriptAnalyzer command's Severity  
        parameter with the argument Error to do this - don't.  This will run every  
        built-in rule and then filter the results during output.  The more rules the  
        script analyzer runs, the longer it will take to analyze a file.  You can  
        easily get Invoke-ScriptAnalyzer to run just the rules that are of severity  
        Error like so: 
         
        PS C:\> $errorRules = Get-ScriptAnalyzer -Severity Error 
        PS C:\> Invoke-ScriptAnalyzer -Path . -IncludeRule $errorRules 
         
        The output should be much shorter (hopefully) and more importantly, these rules 
        typically indicate serious issues in your script that should be addressed. 
         
        Once you have addressed the errors in the script, you are ready to tackle 
        warnings.  This is likely what generated the most output when you ran the  
        first time with all the rules enabled.  Now not all of the warnings generated  
        by the script analyzer are of equal importance.  For the existing script  
        scenario, try running error and warning rules included but with a few rules  
        "excluded": 
         
        PS C:\> $rules = Get-ScriptAnalyzerRule -Severity Error,Warning 
        PS C:\> Invoke-ScriptAnalyzer -Path . -IncludeRule $rules -ExcludeRule ` 
                    PSAvoidUsingCmdletAliases, PSAvoidUsingPositionalParameters 
 
        The PSAvoidUsingCmdletAliases and PSAvoidUsingPositionalParameters warnings  
        are likely to generate prodigious amounts of output.  While these rules have  
        their reason for being many existing scripts violate these rules over and  
        over again.  It would be a shame if you let a flood of warnings from these two  
        rules, keep you from addressing more potentially serious warnings. 
         
        There may be other rules that generate a lot of output that you don't care  
        about - at least not yet.  As you examine the remaining diagnostics output,  
        it is often helpful to group output by rule.  You may decide that the one or  
        two rules generating 80% of the output are rules you don't care about.  You  
        can get this view of your output easily: 
         
        PS C:\> $rules = Get-ScriptAnalyzerRule -Severity Error,Warning 
        PS C:\> $res = Invoke-ScriptAnalyzer -Path . -IncludeRule $rules -ExcludeRule ` 
                          PSAvoidUsingPositionalParameters, PSAvoidUsingCmdletAliases 
        PS C:\> $res | Group RuleName | Sort Count -Desc | Format-Table Count, Name 
         
        This renders output like the following: 
         
        Count Name 
        ----- ---- 
           23 PSAvoidUsingInvokeExpression 
            8 PSUseDeclaredVarsMoreThanAssignments 
            8 PSProvideDefaultParameterValue 
            6 PSAvoidUninitializedVariable 
            3 PSPossibleIncorrectComparisonWithNull 
            1 PSAvoidUsingComputerNameHardcoded 
             
        You may decide to exclude the PSAvoidUsingInvokeExpression rule for the moment 
        and focus on the rest, especially the PSUseDeclaredVarsMoreThanAssignments,  
        PSAvoidUninitializedVariable and PSPossibleIncorrectComparisonWithNull rules. 
         
        As you fix rules, go back and enable more rules as you have time to address  
        the associated issues.  In some cases, you may want to suppress a rule at 
        the function, script or class scope instead of globally excluding the rule.   
        See the RULE SUPPRESSION section below. 
         
        While getting a completely clean run through every rule is a noble goal, it  
        may not always be feasible. You have to weigh the gain of passing the rule  
        and eliminating a "potential" issue with changing script and possibly  
        introducing a new problem.  In the end, for existing scripts, it is usually  
        best to have evaluated the rule violations that you deem the most valuable to  
        address. 
 

RULE SUPPRESSSION

 
        Rule suppression allows you to turn off rule verification on a function,  
        scripts or class definition.  This allows you to exclude only specified  
        scripts or functions from verification of a rule instead of globally  
        excluding the rule.   
 
        There are several ways to suppress rules.  You can suppress a rule globally  
        by using the ExcludeRule parameter when invoking the script analyzer e.g.: 
         
        PS C:\> Invoke-ScriptAnalyzer -Path . -ExcludeRule ` 
                    PSProvideDefaultParameterValue, PSAvoidUsingWMICmdlet 
                    
        Note that the ExcludeRule parameter takes an array of strings i.e. rule names. 
         
        Sometimes you will want to suppress a rule for part of your script but not for 
        the entire script.  PSScriptAnalyzer allows you to suppress rules at the  
        script, function and class scope.  You can use the .NET Framework  
        System.Diagnoctics.CodeAnalysis.SuppressMesssageAttribute in your script  
        like so: 
         
        function Commit-Change() { 
            [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseApprovedVerbs",  
                                                               "", Scope="Function",  
                                                               Target="*")] 
            param()  
        } 
 

VIOLATION CORRECTION

 
Most violations can be fixed by replacing the violation causing content with the correct alternative. In an attempt to provide the user with the ability to correct the violation we provide a property - `SuggestedCorrections`, in each DiagnosticRecord instance. This property contains the information needed to rectify the violation. For example, consider a script `C:\tmp\test.ps1` with the following content. 
 
PS> Get-Content C:\tmp\test.ps1 
gci C:\ 
 
Invoking PSScriptAnalyzer on the file gives the following output.  
 
PS>$diagnosticRecord = Invoke-ScriptAnalyzer -Path C:\tmp\test.p1 
PS>$diagnosticRecord | select SuggestedCorrections | Format-Custom 
 
class DiagnosticRecord 
{ 
  SuggestedCorrections = 
    [ 
      class CorrectionExtent 
      { 
        EndColumnNumber = 4 
        EndLineNumber = 1 
        File = C:\Users\kabawany\tmp\test3.ps1 
        StartColumnNumber = 1 
        StartLineNumber = 1 
        Text = Get-ChildItem 
        Description = Replace gci with Get-ChildItem 
      } 
    ] 
 
} 
 
The *LineNumber and *ColumnNumber properties give the region of the script that can be replaced by the contents of Text property, i.e., replace gci with Get-ChildItem. 
 
The main motivation behind having SuggestedCorrections is to enable quick-fix like scenarios in editors like VSCode, Sublime, etc. At present, we provide valid SuggestedCorrection only for the following rules, while gradually adding this feature to more rules.  
 
  * AvoidAlias.cs  
  * AvoidUsingPlainTextForPassword.cs 
  * MisleadingBacktick.cs 
  * MissingModuleManifestField.cs 
  * UseToExportFieldsInManifest.cs 
 
         

EXTENSIBILITY

 
        PSScriptAnalyzer has been designed to allow you to create your own rules via 
        a custom .NET assembly or PowerShell module.  PSScriptAnalyzer also allows  
        you to plug in a custom logger (implemented as a .NET assembly). 
         

CONTRIBUTE

 
        PSScriptAnalyzer is open source on GitHub: 
         
        https://github.com/PowerShell/PSScriptAnalyzer 
         
        As you run the script analyzer and find what you believe to be are bugs, 
        please submit them to: 
         
        https://github.com/PowerShell/PSScriptAnalyzer/issues 
         
        Better yet, fix the bug and submit a pull request. 
         

SEE ALSO

Get-ScriptAnalyzerRule
Invoke-ScriptAnalyzer
Set-StrictMode
about_Pester