April 15, 2025 • 53 mins
In this episode of Dynamics Corner, Kris and Brad are joined by Arthur van de Vondervoort for a lively conversation on source code analysis. The talk explores source code analysis, its benefits, and the tools available to developers, including LinterCop, a community-driven code analyzer for the AL language built on the Roslyn framework. Arthur elaborates on LinterCop’s evolution, its 90+ rules (with expansion plans), and its role in enhancing performance, security, and coding standards. Emphasis is on its ease of integration, customization potential, and ability to catch bugs early while highlighting the importance of team collaboration in defining coding rules and bridging cultural appreciation with technical innovation, showcasing how tools like LinterCop are shaping modern development.
#MSDyn365BC #BusinessCentral #BC #DynamicsCorner
Follow Kris and Brad for more content:
https://matalino.io/bio
https://bprendergast.bio.link/
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome everyone to another episode of Dynamics
Corner.
Can cop analyze things?
I'm your co-host, chris.
Speaker 2 (00:09):
And this is Brad.
This episode is recorded onMarch 6, 2025.
Chris, chris, chris.
Another day, another greatepisode, another great
discussion about rules and codeanalyzers.
Source code cops.
Do we have custom cops and beerWith us today?
(00:33):
We had the opportunity to speakwith Arthur.
Speaker 1 (00:48):
Good morning Good afternoon.
Speaker 3 (01:01):
Good afternoon Hi.
Speaker 2 (01:02):
How are you doing?
Speaker 3 (01:04):
I'm doing great, excellent.
I'll be here in Belgium.
It's Thursday afternoon, hi,how are you doing?
I'm doing great, excellent.
I'll be here in BelgiumThursday afternoon, so looking
forward for heading into theweekend almost.
Speaker 2 (01:14):
Excellent.
Speaker 3 (01:15):
Excellent.
Speaker 2 (01:16):
I'm envious when we talk with individuals that are
ahead of us in time, becauseyou're going to get into your
weekend or to your eveningbefore we do.
I'm a little bit ahead of Chrisso I can get into my evening
and weekend and I let him knowthat regularly how I'm starting
my weekend or I'm already intomy evening while he's still
working.
So I feel like just a littlebit.
Speaker 1 (01:38):
But you go back to work before me, so I get to
savor my weekend at least.
Speaker 2 (01:48):
Oh, I go back to work way before you.
Yeah, for many reasons, formany reasons.
So, uh, I've never been tobelgium.
I would like to go to belgiumoh, you should absolutely do
that.
Speaker 3 (01:59):
it's a fantastic year .
Um, I'm originally from theNetherlands and then I moved
over here to Belgium.
I think it's a great country.
It has some complexity onstructures and everything, but I
like the mentality andhospitality that's here in
Belgium.
So every year we have also BCTech Days, of course, so you're
(02:22):
more than welcome.
Speaker 2 (02:23):
Yes, yes.
Speaker 3 (02:27):
But no, I really like it here.
It's more smooth going and I'mliving in the green area of
Belgium and it's called theKempen, so there's a lot of
green around us, of nature, sothat's a really lovely place
here to live in.
Speaker 2 (02:46):
I like the green areas that's interesting that
they call it the green area andall the conferences in Europe I
would love to get to and I tryto get to every year.
It's just a challenge.
I'm certain if you've ever cometo the United States it's not
so close.
We're so close with each otherfrom communication and talking,
(03:06):
but sometimes there's quite abit of logistics that need to go
into it and sometimes we justgot to get on a plane and do it.
I'm hopeful that you knowSpaceX or something will be able
to just make a rocket to fly usover the pond.
Speaker 1 (03:19):
They're trying to bring back that.
Supersonic flights Was theConcorde.
Yeah, yeah, they're trying tobring about concord.
That'd be amazing to be able toget on that.
Just get to europe quickly anduh.
Then, yeah, I'll definitely fly, I'll definitely go there much
easy.
Uh, he has something to do withsome safety stuff, I think, and
(03:45):
many other factors, and that'swhy they stopped the noise.
The environmental factor, Ithink, was one of the reasons
why they stopped.
And so they're trying to builda technology on those where
it'll minimize the noise thatsonic boom it makes, I guess
apparently, minimize the noisethat sonic boom it makes, I
guess apparently, and once theyfigure that out we'll be back on
(04:08):
bringing those flights acrossintercontinental.
That would be amazing.
Speaker 2 (04:12):
That would be great.
I did have a lot I'd like tospeak with you about, but
speaking about Belgium, is thatwhere the Belgian waffle started
?
Speaker 3 (04:24):
That's a good question.
I'm not sure, to be honest.
That's a very good question.
I do think it's really a thingyou have to try if you're here
in Belgium.
If I did some holidays here inEurope and stuff, nothing beats
a Belgian waffle In other partsof Europe.
It's still different.
There are a few things here inBelgium that I just have to
(04:46):
taste here to get a greatexperience on it.
It's strange because the recipeis known and it's not hard to
make a waffle if you look at therecipe, but if you then taste
it in another country it's stilldifferent.
So that's a funny thing fromhere.
But we have more deliciousthings.
(05:07):
Of course.
We can talk hours of all kindsof beer.
Speaker 2 (05:11):
Oh, Belgian beer.
Speaker 3 (05:14):
It's a luxury beer.
That's how you get quite easyused to it Because, coming from
the Netherlands, we had a fewbeers on there and then moved
over to Belgium.
Then I really experienced whatbeers could do and what tastes
and flavors there are.
But then again, if you goacross Europe and also maybe in
(05:37):
other parts, it's not quitecommon to find a real good
Belgian beer.
Speaker 2 (05:44):
I wish we had something like that here.
I don't know what people thinkof.
When you think of the UnitedStates, what do you think of for
food?
Because I hear Italy, I thinkof pizza and wine.
I hear France, I think ofpastries.
I hear Belgium, I think ofwaffles and beer.
I think of Ireland, I think ofwhiskey.
Speaker 1 (06:02):
And I'm not saying, this is the.
Speaker 2 (06:04):
Yes, and Guinness whiskey, right, and I'm not
saying this is the.
I'm not saying yes, andGuinness beer, but I primarily
think of whiskey and Guinness.
But you have some countries andI'm not saying that's the only
thing, that's there, I'm justsaying from a food product point
of view.
That's what comes to my mind,based on what I hear, because
I've only been to countries onthis side of the world, so I
(06:25):
haven't been to any Europeancountries.
But what do you think offood-wise when you hear the
United States?
Speaker 3 (06:33):
It's funny that you say so.
We share that little bit incommon.
I only have on this side of theocean.
I've never been across theother side, to be honest, so
only from a European guyperspective.
If I think America, the firstthing for me is a little bit
thinking of burgers, the firstpart burgers good yeah, but it
has it to be.
(06:54):
Uh, that has to be a bad thing.
Um, of course you have yourmcdonald's kind of area, but a
good quality burger I can alsoreally appreciate that, so it's
not really bad.
But that's something that popsin my head.
I can't explain why.
Speaker 2 (07:10):
That's good.
That's exactly what I waslooking for Because, as I had
mentioned, I hear countries andI think of I must say a lot
about me, but I immediatelythink of food products that I
think of from those countries.
So I've been curious to knowwhat others from Europe, such as
yourself, think of for foodcountries.
So I've been curious to knowwhat others from Europe, such as
yourself, think of for foodwhen they hear the United States
.
Speaker 1 (07:29):
A quick question when you talk about beer, are beers
typically served roomtemperature in Belgium, Not like
ice cold beer?
Speaker 3 (07:43):
Not room temperature.
That's not going to be okay.
It's cold, but it doesn't haveto be freezing cold, but it has
to be chilled from arefrigerator part, otherwise
it's now.
Maybe there are some that arebetter if they're going to room
temperature, but it's not commonto do that.
I don't think I can have a warmbeer.
Speaker 1 (08:04):
How about sour beer?
Do you guys have sour beer inBelgium?
Speaker 3 (08:11):
What do you mean by sour beer?
Speaker 1 (08:12):
Can you?
Speaker 3 (08:12):
help me a little bit on that.
Speaker 1 (08:14):
I guess it's a certain thing that maybe Germany
has some sour beer and it'skind of a sour beer is is trying
to pick up here, at least whereI'm at in washington state.
But you know, washington stateis, I think, one of the biggest
producers of hops in the us andso they're starting to bring in
(08:37):
uh, sour beer and so they'retypically served as kind of like
room temperature and it's it'sreally a little bit of sour and
it's sometimes a different tasteor different flavors, like
there was one time I drank a keylime pie sour beer and it's
beer, but I can taste key limepie, which is amazing, so it's
(08:59):
pretty interesting.
Speaker 2 (09:01):
Key lime pie is really good.
I don't know if I'd have a keylime pie flavored beer and sour
beer and hops.
I'm.
I've gotten to the point now,chris.
Everything you say I'm grokking.
So you, you gave me oh you werecorrect, washington's is.
According to grok, again,washington is the state in the
us that produces the most hops.
(09:21):
In 2023, it accounted forapproximately 76.6 million
pounds of hops.
You were supposed to be theChris GPT, but now, just on the
Grog, grog, bad Grog I hear someof these things and now I'm
going to have to.
I'm redoing my setup after thisto have Grog on speed typing.
I'll move my setup around so Ican type all this stuff up.
(09:44):
I enjoy the beer conversation.
I enjoy the food conversationeven more, but that's not the
reason why we're all here today.
But before we jump into theconversation, would you mind
telling everybody a little bitabout yourself, please?
Speaker 3 (10:00):
Yeah, absolutely, my name is Arthur van de
Vondelvoort.
I work as a solution architectat Verrui here in Belgium, where
most of the days I spend onBusiness Central as part of the
product, but also I like theareas around it, like, of course
, the Power Platform, but alsoDevOps is also an area of
(10:22):
interest of me, so I'm movingaround in that area a little bit
of the product in our community.
Speaker 2 (10:29):
Excellent, excellent, and I've been talking with
Chris and others a lot aboutdevelopment standards and how
individuals create code and puttogether their code and
structure their code.
And one of the things that'savailable within VS Code or for
the AL language excuse me, whenyou're using VS Code now, others
(10:51):
are using other environments aswell is source code analyzers,
and word on the street is thereare many.
There are a few, but you're oneof the source code analyzer
guys to go to if you have anyquestions.
So, if you would, can you tellus a little bit about source
code analysis and what it is?
Speaker 3 (11:10):
Yeah, absolutely.
The source code analysis isfrom the product.
Microsoft also includes threeof them.
You have the UI cop, the codecop and then an extension cop
and also for AppSource one.
So four of them in total andwhat they will help you is well
doing development.
(11:31):
So your NVS code, your appwriting code, and it will then
immediately analyze every lineof rule that you write to see if
there are maybe code smells orsome things that could go wrong,
and it will then help you dothe development already to see
(11:51):
are there things I need tochange or things that maybe can
go wrong, or are there someproblems in your code.
That's really doing thatwithout even running the code.
So there inside your VS Code,it's already like more of an
assistant that looks over yourshoulder and then if you do a
wrong syntax or something, itwill gently say to you oh, look
(12:14):
over there, maybe you should trysomething else or that's not
going to work.
So more like maybe, anassistant role.
You can look at it a little bitlike that.
Speaker 2 (12:25):
So source code analysis.
Would you classify it?
You had mentioned that withinVS Code we have four analyzers.
Would you mention it to be moreof a syntactical, cosmetic-type
analysis, or a functional-typeanalysis, or both?
Speaker 3 (12:46):
I believe my opinion is that it will do both type
analysis or a functional typeanalysis, or both.
I believe my opinion is that itwill do both.
It will mostly, indeed, run onthe syntax.
That is the most easy part toanalyze.
It will also look on thestructure of your code or how
the codes interact with otherparts from other parts of code
or maybe other extensions wehave a dependency on.
(13:07):
So it'll try to figure out asmuch as possible.
So it's not only the syntax butit's more of an whole package
that it can cover to analyze on.
Speaker 2 (13:20):
I'm a big fan of source code analysis, just for
many reasons, but I often wonderhow does it work, right?
So it's how does it work andhow does it really analyze the
code?
And then also word on thestreet, as I say, is you also
(13:40):
participate in another sourcecode analyzer, so you may be
able to tell us a little bit ofhow the analysis works?
Because, just like with manythings, the concept is great, I
understand it, but the practicalapplication of it is
challenging.
Speaker 3 (13:56):
Okay, I think we have to get a little bit back in
time.
If we go back to the Nevisiontimeframe, we had the good old
seaside development.
We had our own developmentenvironment within the
application itself and you canwrite the code in there, and
(14:20):
that was okay-ish.
Speaker 2 (14:23):
Well, okay-ish, we called it the Wild Wild West.
Back in the early days.
It was the Wild Wild West, Ithink.
Now, eventually, when they gaveyou the breaks for the
functions, you know where theyhad the bar.
Early in the days, back when Istarted, it was just basically a
text file within thedevelopment environment and you
couldn't do anything.
(14:43):
So I really need to get myhands on version 1.2.
I don't know if you could get alicense for it, but I started
with version 1.1.
I would love to go back in timeand install that and take a
look at it or even all of thesubsequent versions.
But I don't mean to interrupt.
Go back to the OK-ish.
Speaker 3 (15:03):
No, no, it's good to know, because I think that's a
great example to start on,because it felt a little bit
like programming in Notepad.
That was kind of thinking whatyou're doing right, so if you
make a syntax error oreverything, you would get
punished if you rolled it out toa test environment, or if
you're unlucky, you'll notice itwhen it's in production.
(15:23):
That was the era we were usedto, maybe as an Envision
developer and I also had thosedays.
I started really on developmentin NAV 2017 something-ish.
So I know the hurdle ofexporting FOP files or exporting
to TXT files, and now, withsome tools, merging some of your
(15:45):
code with your colleague codesand all that fun stuff
notepad-wise to develop on, andwith Business Central.
I think it was a hugeopportunity and I really think
it was awesome that we thenmoved over to a modern
development toolset maybe theright word on it.
(16:06):
So we received VS Code where wecan develop them we have.
The AL language was then broughton and also other kind of stuff
like, for example, git was justa normal factor, and all those
things that were new for us were, in other programming languages
, quite common to use.
If you look, for example, ifyou are a C-sharp developer,
(16:27):
it's quite normal to have yourVS Code or Visual Studio.
You have Git all the stuff thatwas new for us back in those
days.
They were already using it andquite good at it, and the great
part is that when we moved overto the AL language, the code
analyzer was also a part that'salready in there for C-sharp
(16:49):
developers already there.
Microsoft has provided aplatform on that.
It's under the hood, it'scalled the Roslyn Analyzer.
That's a framework that cananalyze your code for you in
development.
So if you, for example, woulddo a C-sharp project, you'll
also get maybe warnings orerrors or info messages right
(17:10):
there in Visual Studio.
Speaker 2 (17:13):
So Roslyn is another architecture or language or
application that's within the ALlanguage, to help with the
source code analysis or thesource code structure.
Speaker 3 (17:26):
Correct.
The AL language is depending onRoslyn, as I think it's a
framework.
If I'm not mistaking, the ALlanguage is depending on that to
help to analyze the code on itand the benefit of it is that
it's not only specific for theAL language.
More languages can use theRoslyn analyzer, so that's a
(17:46):
great benefit of that.
Of course, it has someadaptions on it for the specific
syntaxes of the AL language,like a code unit or that kind of
stuff.
Speaker 2 (17:58):
Okay, and with the source code analysis, just to go
back.
So Microsoft has four.
You have the UI, which I thinkwill help with some UI structure
.
You have the AppSource analyzer, which has specific rule sets,
for when you submit an app toAppSource, there are certain
rules that need to be applied.
(18:19):
You have two other ones you hadmentioned.
Speaker 3 (18:23):
You have the general CodeCop analysis.
That will be more of a genericapproach.
We'll look at if there are somesyntaxes that maybe aren't
right.
That's not specific targeting,that's more looking at the
syntax of the code itself.
And you mentioned the UICop.
(18:44):
For example, tooltips are there, maybe an option?
Are there or set visibility offields?
And then you also have, ofcourse, depending on if you go
to AppSource or a per-tenantextension.
Both of them have their ownAppSource cop and for a
per-tenant extension it will,for example, look at the object
numbers.
That has to be in the 50,000 to100,000 range, for example.
(19:06):
That kind of stuff will helpone of those code analyzers help
you with to make those mistakesduring your development.
Speaker 2 (19:14):
Excellent, excellent.
You with to make those mistakesduring your development,
Excellent, Excellent.
You know I always end upputting the per-tenant extension
and the app source extensionexcuse me analyzer.
It's been one of those mornings.
I'm lost.
I often put the per-tenantextension analyzer and the app
source extension analyzertogether in a project.
(19:36):
I always just use all of themand I always have to put in a
suppression of warnings for theID.
It's interesting enough.
Speaker 3 (19:47):
That's funny.
You mentioned that there aremore colleagues also there, I
know of them.
They also said I'm not going touse one or the other.
I'm going to use both of thembecause both of them have.
They also said I'm not going touse one or the other.
I'm going to use both of thembecause both of them have
interesting rules for, dependingon what I say One step back,
let's go to sentence that againyou can use both of them because
there are some rules in theEpsosCOP that are also valid for
(20:09):
a patented extension.
For example, we still need tohave prefixes or suffixes on our
objects.
The namespacing is getting lessand less depending, but as of
today we still need them.
A rule for that is in theAppSource pop code analyzer, not
in a patented extension.
But it is a good practice toalso have that for your PTs
(20:32):
Patented extension also, to havethat rule active that you don't
forget to set a suffix or aprefix on your objects.
So you can also have all fourof them active.
But then you have to suppresssome specific rules that don't
apply for the target you'retargeting on your extension.
Speaker 2 (20:52):
I'm happy to hear that I'm not alone in that.
That makes me feel good,absolutely so.
With those four extensions, andas I started to get into a few
moments ago, there's anothercode analyzer that is quite
popular among AL development andthat's Linterkop.
So it's a fifth code analyzer,correct, and can you tell us a
(21:16):
little bit about Linterkop?
Speaker 3 (21:18):
Absolutely.
Linterkop is a community-drivencode analyzer.
I have to do a shout-out toStefan Moran on that, and I
think it was September 21 thathe paved the road a little bit
to create a fifth one.
He called it Lintocop as anopen source code analyzer.
(21:41):
So that's free available onGitHub so you can use it and see
how it's built and worked.
And he started that Lintocopback in 2021.
And I've got it on my radar.
I think like a half year later,something is beginning on 2022.
(22:03):
And I was quite enthusiasticabout it.
There are some great rulesalready in there in the
beginning that I said.
It's quite obvious to have themand to help you during your
development.
What's always in my head is whyI do really like the LinterCop
as a product and also the otherones, of course.
It will help you resolveproblems by taking away its root
(22:31):
cause.
What am I going to say withthat?
In my previous company, whensometimes I was struggling with
something or trying to solve aproblem, I know my boss already
asked me what problem are youtrying to solve, artur?
What's going wrong?
And I can explain what wasgoing wrong and why and all the
stuff around it, and hechallenged me always with.
(22:55):
But what was the root cause?
Can we take away the root causethat the problem will never
reoccur again?
That was really a helpfulmindset for me that instead of
trying to fix the problems, whydon't we take away what's
causing it, before the problemeven can occur?
And Linterkop has a quite simplerule that I think is fantastic.
(23:17):
The first rule of thecollection is if you, for
example, make a flow field typein the product, that's mostly a
field that is being calculatedand then shown on a page or on a
list, for example, for the user, by default that field is
editable, and that is a littlebit strange Because, for example
(23:39):
, you go to your customeroverview and you see that the
balance is calculated, but thenyou can write something over
that field, and that's, ofcourse, strange.
There are maybe some scenariosthat it could be OK, but most of
the time it's strange to have acalculated field that you can
add it on as the user.
(23:59):
And to prevent that, lintercopwill during development.
If you make a field like that,you forget to set a property
it's already in VS Code show youa warning or a diagnostic.
That is a flow field and you'readvisable to set the property
and it's able to false, and inthat way I think it's quite
(24:22):
helpful because as a developer,you can maybe forget to set a
property.
Everything you test works.
You ship it off to maybe yourconsultant or the customer and
then you can get that feedbackback from.
I see a problem.
That field should be editableand you have to do the cycle
again to modify your code,releasing all the steps, and you
(24:44):
can take away that causing theproblem by, for example, using
Lintacop.
So that's what I really likeabout it it will help you take
away, maybe, the causing of aproblem instead of trying to fix
your problems.
Speaker 2 (24:58):
That's good.
So Lintocop is a code analyzerthat you use in addition to the
other standard AL code analyzersthat will help come up with
resolving problems that you justmentioned.
That whole editable flow field,that was a problem way back in
the early days as well becauseit did some strange things to
(25:19):
your data if you edited a flowfield Early on.
If you edited a flow field thatwas a sum of data it would
actually change the data in asense underlying of it.
But way back, I haven't triedit now because I've been so used
to making flow fieldsnon-editable.
It's just out of habit.
(25:40):
But I have to do a quick test,if you can if you change the
value, what happens with theunderlying data that it's
calculating, or if at this pointit just looks strange.
So that's a little go back intime way back oh wow, I didn't.
Speaker 3 (25:56):
I didn't know it would change your data, that's
that's mind-blowing.
Speaker 2 (26:00):
Unless my dinosaur brain forgets and I assumed it,
but I remember back in theearlier versions of nav, if you
edited a flow field, it wouldadjust the data to make sure
that the total matches, orsomething like that oh wow, the
source data would adjust it yeahinteresting.
I could be talking, you know,sideways, but that's what I
remember.
It's um that's dangerous yes,that's why.
(26:25):
That's why he said the numberone rule is to make a flow field
non-editable.
Yeah, and I think if I were abetting man it'd go way back in
time to then back to the days ofediting in Notepad.
I like that.
That's a great analogy to whatit was like editing or
developing in Notepad.
But, this was over 20 years agotoo, so a lot of improvements
(26:46):
have been made.
So Lintocop works in additionto the Microsoft code analyzers
that come as part of theapplication.
With it being community-driven,the community, in essence, can
come up with their own standardsas well, I guess, because with
many languages there is nice tohave some sort of
standardization, because asapplications get moved from
(27:08):
developer to developer, otherdevelopers come onto a product.
It's nice to have some sort ofstandard.
Speaker 3 (27:13):
I guess you could say Absolutely, and it's getting
more of a Swiss Army knife it'sbecoming, because now you're,
for example, mentioning alsostandards to use on.
There are, I think, currentlymore than 90 rules on it.
I think this year we're goingto cap the 100 different rules
in there, and it's a mix ofdifferent kind of stuff.
(27:36):
It could be for structure partson it how should something look
, or something involved but alsothere are some stuff on
performance, some stuff on alsolinting a bit, a little bit of
security.
It's going multiple directions,so it's not focusing on one
thing.
It's getting more, broader andbroader to indeed try to solve
(28:01):
as much ground as possible tohelp improving.
Speaker 2 (28:05):
See, I like that.
It does more than justformatting standards you had
mentioned.
It can also help catch someperformance considerations as
well, too, within the code.
Speaker 3 (28:18):
Yeah, absolutely so.
The name Linterkop is quiteknown, so I don't think we're
going to change that, but itstarted a little bit, I think,
in that direction.
Then it grew with help of thecommunity and that for
performance.
It has a few nice rules.
But for example, like is we'reall known to the log table
(28:40):
command we can use In somescenarios.
It's necessary to use that forprocessing data in some
scenarios.
But recently not recently, Ithink, only two or three
versions ago-ish we have the newproperty read isolation, so we
could get more granularly setthat instead of the log table
(29:02):
and that's something the codeanalyzer also will detect what
version you're programmingagainst of your extension and it
will then show a diagnostic onall your log table you have in
your extension to change thatand update the new read
isolation.
That's a better approach on it.
(29:23):
And also some other fun stuff.
For example, if you have thegeneral letter entries, for
example, and you have somefunction you want to know do
account that's equals to zero,for example, and you have some
function you want to know doaccount that's equals to zero,
for example, if you'd have thatencode, it will do a full run on
the whole table to figure out.
Is it really the result zero?
(29:46):
But we also have the isEmptycalls added to the product a
while ago and it's much moreperformance than doing account,
because account will do somestuff on indexing, on SQL stuff
and it's more heavy for the SQLserver to come up with and as
empty as it's blazing fast.
So also there are some areaswhere LidlCop will help you
(30:08):
improve your code to uptake newfeatures that were there or to
gently help you to switch somesyntax in to have a better
performance on it.
Speaker 2 (30:19):
So LinterCop you had mentioned has 90 rules to date
and this year you're expectingthat it would go over 100 rules.
When using LinterCop, can youenable and disable the rules,
similar to what we can do withthe standard code analyzers
through pragmas, through rulesets or through suppression,
(30:43):
warnings or suppression?
Yes, suppression in the appfile.
Speaker 3 (30:48):
Yeah, the great part is that LinterCop behaves
exactly the same as the othercode analyzers.
That ships with the product, sothere isn't really much
difference between them.
So indeed, if you want tochange the rules what you feel
is best for maybe you or yourteam or the organization you
work on, you can indeed use, forexample, rule sets, same as the
(31:14):
built-in code analyzers, alsosupported on it, and also the
pragmas and all that good stuffyou have will also work for the
LinterCOP.
Lintercop is compatible withthe other code analyzers on the
same way.
Only though it's nice youmentioned that because for me
also, and I know for multiplepeople out there, by bringing on
(31:36):
the rules it's always difficult.
What should be the defaultseverity?
We call that If I added a newrule, should I then throw an
error or a warning or show it asan info, or I can even hide it
by default that you manuallyshould enable it.
That's always a little bit of astruggle.
There are some rules wheremaybe personally, I think there
(31:57):
should be at least a warning oreven maybe an error.
But introducing a new rule thatdoes default as error, that
could be quite harsh, especiallyfor already running pipelines
out there maybe, or peopleworking on projects that they
have a new rule and instantlythrows arrows at you.
(32:17):
So a new rule it's always alittle bit of a balance.
How severe is this rule andwhat should we set it as a
default behavior to it?
It's always a little bitsomething a struggle to find the
right path on it.
So we have to go into a littlebit of the approach that if it
will cause a runtime error, thenwe dare to up it to a warning
(32:40):
as a default severity.
But then of course, with rulesets you can lower it back to an
info or maybe hide it and alsogo the other way around.
You can also improve it to anerror if you think, oh wow, we
should really do this prove itto an error.
Speaker 2 (32:57):
If you think, oh wow, we should, really should do
this.
Um, I like everything errors,just make it all an error.
It's fun and it's even better,like you said, for the mature
projects to go back that havebeen worked on over time, to
just turn it on and you see, andyou can do some as warnings.
You get sort of like achristmas tree type scenario
where you have reds, yellows,blues from the info.
So you can have a lot of funwith it.
Speaker 3 (33:18):
Yeah, that's what we're trying to prevent, because
at least for larger projects,and eventually even if they were
migrated from the old Navisiondays, we could easily throw a
lot of warnings at you and thedeveloper then can look at it
and say, oh boy, what am whatI'm going to do with all this
fun.
So we tend to take the bestapproach on that, but it's
(33:40):
difficult, of course, to havesomething that everybody agrees
on.
So the best part is on the ruleset, you can change their
behavior quite easily.
That's quite helpful.
Speaker 2 (33:51):
That's excellent.
One of the things, and when Ifirst heard of Lintocop and I
started seeing the informationabout it because I've, like you
had mentioned it's, I see a lotof conversation about it,
individuals talking about itBefore I first used it one of
the first things that came to mymind is it's so easy to add.
I was a little intimidatedbecause it's so easy to go into
(34:12):
your settings and enable theexisting source code analyzers.
And then LinterCop was a newanalyzer.
And how do I install it to getit to work?
What is the typical process orhow complicated is it to install
?
Speaker 3 (34:30):
In the beginning days it was quite hard.
In the beginning days it wasquite hard.
You have to copy files aroundin specific directories and get
it to work.
The great part is there is a VSCode extension available in the
marketplace Also.
Again, stefan Braun helped alot on it.
(34:51):
He built that that.
You can just install the VSCode extension it's also called
the same name, linterkop and itwill then automatically enable
for you to use Linterkop in VSCode.
So it's just quite as easy justto go to the marketplace of VS
Code or search in VS Code itselffor Linterkop, install the
extension and you're good to go.
(35:13):
You can then enable theLinterkop and then, like you
said, the Christmas tree willthen probably go turn on all
your projects and you have allthose new rules in place.
Speaker 2 (35:24):
So it is.
See, it's much easier and withthat, to use Linterkop in your
pipelines.
You still would need to copythe files over, correct.
Speaker 3 (35:34):
There has been quite some movement in the past year,
but I'm quite happy about itBecause my personal view is, if
you only install it if you'reworking in a team, that's the
prerequisite.
If you're working for yourself,you can install the VS Code and
you can look at it, but I'm acompany working in a team of
developers and we want to agreeon the rules.
(35:57):
What we want to do as a wholecompany and then implement it in
your CSED or your pipelines is,for me, an absolute must.
And also there in the beginningdays it was again PowerShell
and writing code to grab thosefiles and copying to left to
right to get it to work.
(36:18):
The good news is that all thesolutions I know of, as you have
your ALGo for GitHub, forexample, but also Azure DevOps
there are some other solutionsfor partners out there they all
natively support the LintelCop.
It is quite easy to set up andeven in our GitHub project we
specified a few of them and alsoadded some documentation how to
(36:41):
set it up.
For example, for ALGo, freddydid an awesome job.
We can just paste in a URL setone setting.
You have to additionally alsoenable, and then you're good to
go.
It's not more than adding twolines in a config file and the
cop is there in AL go, forexample.
Speaker 2 (37:00):
That's amazing and I enjoy seeing more partners, or
even more app developers.
It has nothing to do with beinga partner.
Even app developers, partnersand end customers or users, as
they're commonly referred to,that have their own development
group or team to use some sourcecode analysis With LinterCop or
(37:22):
even any of the other sourcecode analysis we're talking
about.
That's a community-drivenprogram, the E or application,
and within AL itself they havetheir own rules that are enabled
.
Is it something that someonecan add their own rule to
without making it part of theapplication?
So is there a way to have,within an organization, your own
(37:44):
custom rules that may not existwithin Linterkop or one of the
existing ones?
Speaker 3 (37:50):
Yeah, that is quite good.
Yeah, quite possible.
Yeah, that is quite good.
Yeah, quite possible.
As LinterCorp is, like we said,the fifth code analyzer out
there, you can also create yourown, the sixth one, and also use
that for your company.
If you have specific rules thatyou set up aren't really
generic, you could also buildyour own on it.
(38:12):
And we introduced that.
I was on directions last year inVienna.
We were on stage together withStefan and there we wrapped a
new feature also where we havenow in GitHub with Codespaces,
we created a template where youcan build your own code analyzer
(38:37):
.
So we have those shipped by theproduct, by Microsoft.
We have our community-drivenLinterCop.
If you say we have one to buildour own code analyzer, we have
now provided a template that youcould quite easily start
building your own code analyzerwith your own rules, and you can
also add that then in VS Codeor to your pipelines as an
(39:00):
additional one.
And code spaces of GitHub isjust awesome on that.
It will help you with thetemplate and it will set
everything up with kind of likethink of dependencies, but also
a release pipeline to build yourDLLs.
All that kind of stuff wealready wrapped in a template
for you, so you can easily startcreating your own rules.
Speaker 2 (39:21):
See, that is that I like.
I haven't.
I can honestly say I haven'treally dug deep into creating my
own custom rules because Ihaven't had a need to with using
all of the analyzers with thefive, because a lot of the
common rules come into play.
But I was thinking of othercases where I wanted to have
specific rules for app settings,for values for creating
(39:45):
applications, just to make surethat some standards or
consistency within evenpublisher name, for example,
because if you work with a teamof developers, if they're
creating applications, thepublisher name.
Some will put capital.
Because if you work with a teamof developers, if they're
creating applications, thepublisher name.
Some will put capital letters,some will put no letters, some
will put whatever.
Speaker 1 (39:59):
So is that?
Speaker 2 (40:00):
something that, with a custom code analyzer, we would
be able to create a rule for.
Speaker 3 (40:06):
Yeah, absolutely.
I think the great part is ifyou build your own analyzer you
can take some shortcuts and, forexample, if you want to have
the same publisher, you can justhard code that value and don't
have to do around settings orother kind of complexity stuff,
because if it will change youcan just easily change it in
(40:26):
your own code analyzer.
So those quite more easy tostart on because you don't have
to build it really generic.
You can pinpoint it more toyour use case and then build on
it.
And the great part is you cantake a look at LindaCop, maybe a
rule that you can see thatalready does a little bit the
(40:47):
same.
As you want to take a spiral tosee how it's built and then
maybe start from that rule andadapt it to your needs.
That's the best advice I cangive to look at already the
rules we built.
If you can then look somethingthat is quite familiar, you will
only have a starting point.
(41:07):
You don't have to start with ablank canvas, figuring out
everything yourself.
Speaker 2 (41:14):
I like that.
Speaker 1 (41:14):
You're going to build one now, Brad.
Speaker 2 (41:16):
I'm going to build a lot.
Build your own cop, I will.
We'll call it the Brad Cop.
That's what it will be.
You'll see that soon, Chris theBrad Cop.
Now that I have that insight,it will be an extension of some
other things that I'm alreadyworking on, and we'll call it
the Brad Cop.
If you look at source codeanalysis, what would you say
(41:41):
would be some of the biggestbenefits to a development group
or anybody managing adevelopment group that has a
development group for mandatingor using source code analyzers?
Speaker 3 (41:54):
I think the most important part for me is there
are some studies out there thatwill show mostly in a graph.
For example, if you find a bugin the system, if you catch it
early on, the amount of timespent to resolve the bug is a
bit lower than going through anydetected in production, going
(42:16):
through already detected inproduction.
For example, if you have asmall, if you have an issue in
production, somebody has to flagit, maybe create a ticket on it
, test to get maybe someanalysis go to the developer has
to change his code, test again.
So there's lots of overhead onbugs if you catch them on later
on in the process.
So much earlier on will benefityou in getting more ahead of
(42:39):
the game and make sure that youdon't have.
You can prevent bugs beforethey even get rolled out with
testing for a consultant ortesting for the user acceptance
of the customer itself.
That is, I think, a reallypowerful one.
And the second one is that youcan also agree on standards you
want to do.
(42:59):
For example, maybe if I diveinto one rule that's more
helpful, quite recently we had anew variable that's called
secret text.
Speaker 1 (43:12):
So if you store.
Speaker 3 (43:13):
Yes, you know exactly what I mean.
If you store credentials likeyou have an all-out client
secret or a password orsomething I hope most of you
already don't show its defaultin the text field, maybe using
the isolated storage modelalready of Business Central.
Speaker 2 (43:32):
One moment, Chris.
You hear all this.
You're going to see all of thisthis later.
I'm just letting you know okay,but it drives me crazy that I
see is it's away from the car.
You see, now you're going toget me down a tangent to see a
field in a table in businesscentral called username and
(43:53):
called password.
Oh, I see that so many times.
And then I also see wherethey'll have a procedure for
whatever it may be, for sendinga rep request or validating the
user.
The parameters are username andpassword and they're plain text
(44:13):
and there isn't the listen.
I have seen it and some peoplewill throw in the non-debugable
attribute, which I'm not goingto argue that I mean I will say
at least they tried.
But I always look back with nowthat the secret test text
exists in isolated storageexists.
Why anybody's storing within adatabase a username and password
(44:38):
just drives me crazy.
Speaker 3 (44:43):
Now it's 2025.
That's, from a securityperspective, a no-go.
That's not okay.
It's back of the wild days youmentioned.
Speaker 2 (44:50):
Yes, and I had a conversation with somebody.
You know how you can mask thefield for the UI oh yeah, the UI
part.
Yeah, that's what they said.
They said, oh well, we can mask.
They don't understand theconcept of if somebody's
debugging that, it's just.
I can't even get into that.
(45:10):
But thank you for bringing thatup.
You'll send me on a spiral now.
Now I need to calm down.
Speaker 3 (45:17):
You'll send me on a spiral now.
Now I need to calm down.
There is something that I thinkalso could help on, because
there are rules in there that itwill detect if you do an HTTP
call and you're storingauthorization headers I would
expect that to be a secret text,and the same for the isolated
storage.
It will then again show adiagnostic and then you can
(45:40):
decide on is that for me an info, an error or a warning?
And then, as a whole team, youcan then decide on.
We're all going to do the sameapproach, Do know.
A really important part, what Ibelieve is, is that you have to
discuss those rules with yourteam.
A bad idea would be on a Mondaymorning to see some rules in
(46:01):
LintelCop and say, oh, this wasfun and just enable them and all
the team, surprise your wholeteam with new rules and new
warnings.
That's not, I think, not thebest approach on it.
The best approach would be tothe rules, to have a discussion
with your team to see do we seethe benefit on it or not,
because I think it's best ifeverybody's on board and also
(46:24):
does this commitment.
As he says, I see the benefitof the rule, I know.
It's why I know it's why therule is there.
I know what to prevent and alsodo the commitment that and
that's what we did in ourcompany.
If we adapt a new rule it willbe for all of our projects.
So larger extensions, wherethey've been there, have to be
(46:46):
changed and update those changesto resolve those warnings of
the Linterkop, as in ourpipelines we are quite harsh.
We treat every warning as anerror.
So if you have a warning in ourpipeline it will stop building
and you have to first fix allthe warnings before we can
(47:07):
proceed.
And that's sometimes quiteoppressive with some rules.
If you have all the extensionsand, like I said, mostly if they
already may migrate from thedivision area, it's quite there
can be a lot of rules thenshowing up on older code.
(47:28):
So that's, I think, a reallyimportant part also to look at
the rules and analyze them andsee are they beneficial for us
and do we commit to them.
That's a really important part,not only for the LinterCOP, for
all of them.
Other code cops analyzeimportant part not only for the
LinterCOP, for all of them,other CodeCops, analyzers also,
I believe.
Speaker 2 (47:42):
So this all covers the importance of having those
source code analyzers, as youhad mentioned, and the benefits
of it.
It's not only thestandardization, as we talked
about, but you can save a lot oftime from debugging issues or
some from production issues,excuse me, by catching some
issues ahead of time.
And also, if we talk about thesecret text, even in the case of
(48:06):
security issues, in someinstances that may be easily
caught, that are oftenoverlooked by many developers
that either, as you hadmentioned, will migrate code or
they'll create new code bytaking a look at another example
.
That's one of the things thatwe talk about is, oh, when we
look at a previous example andthat previous example may be not
(48:27):
proper in some respect, and tobe able to catch it with a code
analyzer is important.
Speaker 3 (48:34):
Absolutely, and those examples could also be the base
app See mostly beginning ALdevelopers.
They will also be the base appSee mostly beginning AL
developers.
They will look at the base appand see inspire on how it's
programmed there and thedifficult part of that is it's
probably for quite old code, notthe best to do as of today.
So LittleCop will then help you.
(48:56):
If you have a piece of code, itwill then help you advise to
restructure some parts.
So it's also not your own code,but also the BaseApp is also
sometimes not the best exampleto start off.
Speaker 2 (49:09):
So you mean, are you telling me that the BaseApp
would be a Christmas tree?
Speaker 3 (49:13):
Yeah, I've recently did the BaseApp to do some
performance tuning and therewere quite a lot of warnings.
I think it also take, I think,almost a minute to also output
all of those infos, warnings,diagnostics.
There are quite a lot of themin there.
(49:33):
But yeah, understandable ofcourse that that is built years
ago, so everything now taking apart in it and in an extension
model, I see there it's quite agood practice on that.
But the base app itself, ofcourse, that's again a Christmas
(49:54):
tree lighting up, if you, forexample, enabled.
Speaker 2 (49:56):
Lentikop on that.
No, it's good, I understand ittoo, but it's one of those.
It's interesting.
I tried it once before too, andit's just interesting to see
what you have.
Listen, I will always saynobody, nothing is perfect.
Everybody has a reason whythey're doing a certain thing,
whether it's by creatingsomething from before and you
(50:17):
need to have it forcompatibility or the such.
But I just like to say the wordChristmas tree, absolutely,
which is nice.
Well, mr Arthur, sir, weappreciate you taking the time
to speak with us, to talk withus about source code analyzers.
I personally feel they'reextremely important in
development and thank you forsharing your insights.
A little bit more about sourcecode analysis source code
(50:39):
analysis as well as LinterCop,and I hope those that aren't
aware of LinterCop or haven'tused LinterCop give it a shot
and try, because it does expandand add to the existing
Microsoft source code analyzers.
And, as you had mentioned, nowthat there's a template where
you can create your own customanalyzers, you can have a little
a little more control over therules for an individual
application or organization,which is important.
Speaker 3 (51:02):
Absolutely and, as I mentioned, if you're struggling
a little bit or do you saycreating my own rules is a
little bit steep leaning curve,you could also start with on our
GitHub to start with adiscussion If you have an idea
for a new rule so we can maybediscuss a little bit on it, and
(51:23):
if I can assist in something,feel free to reach out, because
I really love that.
It's a community project.
I'm not the only one on it,absolutely not, and it's helpful
if we all chip in.
Not, and that's helpful if weall chip in and it will help all
of us in our community um to toimprove the, for example, the
(51:44):
linter cop on it.
So if you're thinking buildingyour own rules is a little bit,
uh, still a steep learning curveto start on that, you could
also start, for example, withdiscussions or helping on the
cop itself on there.
Oh that.
Speaker 2 (51:56):
Oh, that's great.
That's great.
So we can reach out to go tosearch for Linterkop, and we'll
put a link in the notes forLinterkop how to access
Linterkop on GitHub.
If anyone has additionalquestions or would like to see
some of the other great thingsthat you've been doing and you
do some great things withLinterkop, and we appreciate all
that you're doing for thecommunity as well what's the
best way to get in contact withyou?
Speaker 3 (52:18):
You can always look me up on LinkedIn or connect
with me on LinkedIn.
I try to send the updates I doon LinkedIn and also on Blue
Skies.
You can also find me there toalso post some fun things or
some updates also on there.
Speaker 2 (52:34):
Excellent, excellent.
Thank you, we appreciate yourtime and I look forward to
seeing you again soon.
Ciao, ciao.
Thank you, we appreciate yourtime and I look forward to
seeing you again soon.
Ciao ciao.
Speaker 1 (52:41):
Thank you, bye-bye.
Speaker 2 (52:43):
Thank you, chris, for your time for another episode
of In the Dynamics Corner Chair,and thank you to our guests for
participating.
Speaker 1 (52:50):
Thank you, brad, for your time.
It is a wonderful episode ofDynamics Corner Chair.
I would also like to thank ourguests for joining us.
Thank you for all of ourlisteners tuning in as well.
You can find Brad atdeveloperlifecom, that is
D-V-L-P-R-L-I-F-E dot com, andyou can interact with them via
(53:13):
Twitter D-V-L-P-R-L-I-F-E.
Via Twitter, d-v-l-p-r-l-i-f-e.
You can also find me atmatalinoio, m-a-t-a-l-i-n-o dot
I-O, and my Twitter handle ismatalino16.
And you can see those linksdown below in the show notes.
Again, thank you everyone.
(53:35):
Thank you and take care.
Welcome everyone to another episode of Dynamics
Corner.
Can cop analyze things?
I'm your co-host, chris.
Speaker 2 (00:09):
And this is Brad.
This episode is recorded onMarch 6, 2025.
Chris, chris, chris.
Another day, another greatepisode, another great
discussion about rules and codeanalyzers.
Source code cops.
Do we have custom cops and beerWith us today?
(00:33):
We had the opportunity to speakwith Arthur.
Speaker 1 (00:48):
Good morning Good afternoon.
Speaker 3 (01:01):
Good afternoon Hi.
Speaker 2 (01:02):
How are you doing?
Speaker 3 (01:04):
I'm doing great, excellent.
I'll be here in Belgium.
It's Thursday afternoon, hi,how are you doing?
I'm doing great, excellent.
I'll be here in BelgiumThursday afternoon, so looking
forward for heading into theweekend almost.
Speaker 2 (01:14):
Excellent.
Speaker 3 (01:15):
Excellent.
Speaker 2 (01:16):
I'm envious when we talk with individuals that are
ahead of us in time, becauseyou're going to get into your
weekend or to your eveningbefore we do.
I'm a little bit ahead of Chrisso I can get into my evening
and weekend and I let him knowthat regularly how I'm starting
my weekend or I'm already intomy evening while he's still
working.
So I feel like just a littlebit.
Speaker 1 (01:38):
But you go back to work before me, so I get to
savor my weekend at least.
Speaker 2 (01:48):
Oh, I go back to work way before you.
Yeah, for many reasons, formany reasons.
So, uh, I've never been tobelgium.
I would like to go to belgiumoh, you should absolutely do
that.
Speaker 3 (01:59):
it's a fantastic year .
Um, I'm originally from theNetherlands and then I moved
over here to Belgium.
I think it's a great country.
It has some complexity onstructures and everything, but I
like the mentality andhospitality that's here in
Belgium.
So every year we have also BCTech Days, of course, so you're
(02:22):
more than welcome.
Speaker 2 (02:23):
Yes, yes.
Speaker 3 (02:27):
But no, I really like it here.
It's more smooth going and I'mliving in the green area of
Belgium and it's called theKempen, so there's a lot of
green around us, of nature, sothat's a really lovely place
here to live in.
Speaker 2 (02:46):
I like the green areas that's interesting that
they call it the green area andall the conferences in Europe I
would love to get to and I tryto get to every year.
It's just a challenge.
I'm certain if you've ever cometo the United States it's not
so close.
We're so close with each otherfrom communication and talking,
(03:06):
but sometimes there's quite abit of logistics that need to go
into it and sometimes we justgot to get on a plane and do it.
I'm hopeful that you knowSpaceX or something will be able
to just make a rocket to fly usover the pond.
Speaker 1 (03:19):
They're trying to bring back that.
Supersonic flights Was theConcorde.
Yeah, yeah, they're trying tobring about concord.
That'd be amazing to be able toget on that.
Just get to europe quickly anduh.
Then, yeah, I'll definitely fly, I'll definitely go there much
easy.
Uh, he has something to do withsome safety stuff, I think, and
(03:45):
many other factors, and that'swhy they stopped the noise.
The environmental factor, Ithink, was one of the reasons
why they stopped.
And so they're trying to builda technology on those where
it'll minimize the noise thatsonic boom it makes, I guess
apparently, minimize the noisethat sonic boom it makes, I
guess apparently, and once theyfigure that out we'll be back on
(04:08):
bringing those flights acrossintercontinental.
That would be amazing.
Speaker 2 (04:12):
That would be great.
I did have a lot I'd like tospeak with you about, but
speaking about Belgium, is thatwhere the Belgian waffle started
?
Speaker 3 (04:24):
That's a good question.
I'm not sure, to be honest.
That's a very good question.
I do think it's really a thingyou have to try if you're here
in Belgium.
If I did some holidays here inEurope and stuff, nothing beats
a Belgian waffle In other partsof Europe.
It's still different.
There are a few things here inBelgium that I just have to
(04:46):
taste here to get a greatexperience on it.
It's strange because the recipeis known and it's not hard to
make a waffle if you look at therecipe, but if you then taste
it in another country it's stilldifferent.
So that's a funny thing fromhere.
But we have more deliciousthings.
(05:07):
Of course.
We can talk hours of all kindsof beer.
Speaker 2 (05:11):
Oh, Belgian beer.
Speaker 3 (05:14):
It's a luxury beer.
That's how you get quite easyused to it Because, coming from
the Netherlands, we had a fewbeers on there and then moved
over to Belgium.
Then I really experienced whatbeers could do and what tastes
and flavors there are.
But then again, if you goacross Europe and also maybe in
(05:37):
other parts, it's not quitecommon to find a real good
Belgian beer.
Speaker 2 (05:44):
I wish we had something like that here.
I don't know what people thinkof.
When you think of the UnitedStates, what do you think of for
food?
Because I hear Italy, I thinkof pizza and wine.
I hear France, I think ofpastries.
I hear Belgium, I think ofwaffles and beer.
I think of Ireland, I think ofwhiskey.
Speaker 1 (06:02):
And I'm not saying, this is the.
Speaker 2 (06:04):
Yes, and Guinness whiskey, right, and I'm not
saying this is the.
I'm not saying yes, andGuinness beer, but I primarily
think of whiskey and Guinness.
But you have some countries andI'm not saying that's the only
thing, that's there, I'm justsaying from a food product point
of view.
That's what comes to my mind,based on what I hear, because
I've only been to countries onthis side of the world, so I
(06:25):
haven't been to any Europeancountries.
But what do you think offood-wise when you hear the
United States?
Speaker 3 (06:33):
It's funny that you say so.
We share that little bit incommon.
I only have on this side of theocean.
I've never been across theother side, to be honest, so
only from a European guyperspective.
If I think America, the firstthing for me is a little bit
thinking of burgers, the firstpart burgers good yeah, but it
has it to be.
(06:54):
Uh, that has to be a bad thing.
Um, of course you have yourmcdonald's kind of area, but a
good quality burger I can alsoreally appreciate that, so it's
not really bad.
But that's something that popsin my head.
I can't explain why.
Speaker 2 (07:10):
That's good.
That's exactly what I waslooking for Because, as I had
mentioned, I hear countries andI think of I must say a lot
about me, but I immediatelythink of food products that I
think of from those countries.
So I've been curious to knowwhat others from Europe, such as
yourself, think of for foodcountries.
So I've been curious to knowwhat others from Europe, such as
yourself, think of for foodwhen they hear the United States
.
Speaker 1 (07:29):
A quick question when you talk about beer, are beers
typically served roomtemperature in Belgium, Not like
ice cold beer?
Speaker 3 (07:43):
Not room temperature.
That's not going to be okay.
It's cold, but it doesn't haveto be freezing cold, but it has
to be chilled from arefrigerator part, otherwise
it's now.
Maybe there are some that arebetter if they're going to room
temperature, but it's not commonto do that.
I don't think I can have a warmbeer.
Speaker 1 (08:04):
How about sour beer?
Do you guys have sour beer inBelgium?
Speaker 3 (08:11):
What do you mean by sour beer?
Speaker 1 (08:12):
Can you?
Speaker 3 (08:12):
help me a little bit on that.
Speaker 1 (08:14):
I guess it's a certain thing that maybe Germany
has some sour beer and it'skind of a sour beer is is trying
to pick up here, at least whereI'm at in washington state.
But you know, washington stateis, I think, one of the biggest
producers of hops in the us andso they're starting to bring in
(08:37):
uh, sour beer and so they'retypically served as kind of like
room temperature and it's it'sreally a little bit of sour and
it's sometimes a different tasteor different flavors, like
there was one time I drank a keylime pie sour beer and it's
beer, but I can taste key limepie, which is amazing, so it's
(08:59):
pretty interesting.
Speaker 2 (09:01):
Key lime pie is really good.
I don't know if I'd have a keylime pie flavored beer and sour
beer and hops.
I'm.
I've gotten to the point now,chris.
Everything you say I'm grokking.
So you, you gave me oh you werecorrect, washington's is.
According to grok, again,washington is the state in the
us that produces the most hops.
(09:21):
In 2023, it accounted forapproximately 76.6 million
pounds of hops.
You were supposed to be theChris GPT, but now, just on the
Grog, grog, bad Grog I hear someof these things and now I'm
going to have to.
I'm redoing my setup after thisto have Grog on speed typing.
I'll move my setup around so Ican type all this stuff up.
(09:44):
I enjoy the beer conversation.
I enjoy the food conversationeven more, but that's not the
reason why we're all here today.
But before we jump into theconversation, would you mind
telling everybody a little bitabout yourself, please?
Speaker 3 (10:00):
Yeah, absolutely, my name is Arthur van de
Vondelvoort.
I work as a solution architectat Verrui here in Belgium, where
most of the days I spend onBusiness Central as part of the
product, but also I like theareas around it, like, of course
, the Power Platform, but alsoDevOps is also an area of
(10:22):
interest of me, so I'm movingaround in that area a little bit
of the product in our community.
Speaker 2 (10:29):
Excellent, excellent, and I've been talking with
Chris and others a lot aboutdevelopment standards and how
individuals create code and puttogether their code and
structure their code.
And one of the things that'savailable within VS Code or for
the AL language excuse me, whenyou're using VS Code now, others
(10:51):
are using other environments aswell is source code analyzers,
and word on the street is thereare many.
There are a few, but you're oneof the source code analyzer
guys to go to if you have anyquestions.
So, if you would, can you tellus a little bit about source
code analysis and what it is?
Speaker 3 (11:10):
Yeah, absolutely.
The source code analysis isfrom the product.
Microsoft also includes threeof them.
You have the UI cop, the codecop and then an extension cop
and also for AppSource one.
So four of them in total andwhat they will help you is well
doing development.
(11:31):
So your NVS code, your appwriting code, and it will then
immediately analyze every lineof rule that you write to see if
there are maybe code smells orsome things that could go wrong,
and it will then help you dothe development already to see
(11:51):
are there things I need tochange or things that maybe can
go wrong, or are there someproblems in your code.
That's really doing thatwithout even running the code.
So there inside your VS Code,it's already like more of an
assistant that looks over yourshoulder and then if you do a
wrong syntax or something, itwill gently say to you oh, look
(12:14):
over there, maybe you should trysomething else or that's not
going to work.
So more like maybe, anassistant role.
You can look at it a little bitlike that.
Speaker 2 (12:25):
So source code analysis.
Would you classify it?
You had mentioned that withinVS Code we have four analyzers.
Would you mention it to be moreof a syntactical, cosmetic-type
analysis, or a functional-typeanalysis, or both?
Speaker 3 (12:46):
I believe my opinion is that it will do both type
analysis or a functional typeanalysis, or both.
I believe my opinion is that itwill do both.
It will mostly, indeed, run onthe syntax.
That is the most easy part toanalyze.
It will also look on thestructure of your code or how
the codes interact with otherparts from other parts of code
or maybe other extensions wehave a dependency on.
(13:07):
So it'll try to figure out asmuch as possible.
So it's not only the syntax butit's more of an whole package
that it can cover to analyze on.
Speaker 2 (13:20):
I'm a big fan of source code analysis, just for
many reasons, but I often wonderhow does it work, right?
So it's how does it work andhow does it really analyze the
code?
And then also word on thestreet, as I say, is you also
(13:40):
participate in another sourcecode analyzer, so you may be
able to tell us a little bit ofhow the analysis works?
Because, just like with manythings, the concept is great, I
understand it, but the practicalapplication of it is
challenging.
Speaker 3 (13:56):
Okay, I think we have to get a little bit back in
time.
If we go back to the Nevisiontimeframe, we had the good old
seaside development.
We had our own developmentenvironment within the
application itself and you canwrite the code in there, and
(14:20):
that was okay-ish.
Speaker 2 (14:23):
Well, okay-ish, we called it the Wild Wild West.
Back in the early days.
It was the Wild Wild West, Ithink.
Now, eventually, when they gaveyou the breaks for the
functions, you know where theyhad the bar.
Early in the days, back when Istarted, it was just basically a
text file within thedevelopment environment and you
couldn't do anything.
(14:43):
So I really need to get myhands on version 1.2.
I don't know if you could get alicense for it, but I started
with version 1.1.
I would love to go back in timeand install that and take a
look at it or even all of thesubsequent versions.
But I don't mean to interrupt.
Go back to the OK-ish.
Speaker 3 (15:03):
No, no, it's good to know, because I think that's a
great example to start on,because it felt a little bit
like programming in Notepad.
That was kind of thinking whatyou're doing right, so if you
make a syntax error oreverything, you would get
punished if you rolled it out toa test environment, or if
you're unlucky, you'll notice itwhen it's in production.
(15:23):
That was the era we were usedto, maybe as an Envision
developer and I also had thosedays.
I started really on developmentin NAV 2017 something-ish.
So I know the hurdle ofexporting FOP files or exporting
to TXT files, and now, withsome tools, merging some of your
(15:45):
code with your colleague codesand all that fun stuff
notepad-wise to develop on, andwith Business Central.
I think it was a hugeopportunity and I really think
it was awesome that we thenmoved over to a modern
development toolset maybe theright word on it.
(16:06):
So we received VS Code where wecan develop them we have.
The AL language was then broughton and also other kind of stuff
like, for example, git was justa normal factor, and all those
things that were new for us were, in other programming languages
, quite common to use.
If you look, for example, ifyou are a C-sharp developer,
(16:27):
it's quite normal to have yourVS Code or Visual Studio.
You have Git all the stuff thatwas new for us back in those
days.
They were already using it andquite good at it, and the great
part is that when we moved overto the AL language, the code
analyzer was also a part that'salready in there for C-sharp
(16:49):
developers already there.
Microsoft has provided aplatform on that.
It's under the hood, it'scalled the Roslyn Analyzer.
That's a framework that cananalyze your code for you in
development.
So if you, for example, woulddo a C-sharp project, you'll
also get maybe warnings orerrors or info messages right
(17:10):
there in Visual Studio.
Speaker 2 (17:13):
So Roslyn is another architecture or language or
application that's within the ALlanguage, to help with the
source code analysis or thesource code structure.
Speaker 3 (17:26):
Correct.
The AL language is depending onRoslyn, as I think it's a
framework.
If I'm not mistaking, the ALlanguage is depending on that to
help to analyze the code on itand the benefit of it is that
it's not only specific for theAL language.
More languages can use theRoslyn analyzer, so that's a
(17:46):
great benefit of that.
Of course, it has someadaptions on it for the specific
syntaxes of the AL language,like a code unit or that kind of
stuff.
Speaker 2 (17:58):
Okay, and with the source code analysis, just to go
back.
So Microsoft has four.
You have the UI, which I thinkwill help with some UI structure
.
You have the AppSource analyzer, which has specific rule sets,
for when you submit an app toAppSource, there are certain
rules that need to be applied.
(18:19):
You have two other ones you hadmentioned.
Speaker 3 (18:23):
You have the general CodeCop analysis.
That will be more of a genericapproach.
We'll look at if there are somesyntaxes that maybe aren't
right.
That's not specific targeting,that's more looking at the
syntax of the code itself.
And you mentioned the UICop.
(18:44):
For example, tooltips are there, maybe an option?
Are there or set visibility offields?
And then you also have, ofcourse, depending on if you go
to AppSource or a per-tenantextension.
Both of them have their ownAppSource cop and for a
per-tenant extension it will,for example, look at the object
numbers.
That has to be in the 50,000 to100,000 range, for example.
(19:06):
That kind of stuff will helpone of those code analyzers help
you with to make those mistakesduring your development.
Speaker 2 (19:14):
Excellent, excellent.
You with to make those mistakesduring your development,
Excellent, Excellent.
You know I always end upputting the per-tenant extension
and the app source extensionexcuse me analyzer.
It's been one of those mornings.
I'm lost.
I often put the per-tenantextension analyzer and the app
source extension analyzertogether in a project.
(19:36):
I always just use all of themand I always have to put in a
suppression of warnings for theID.
It's interesting enough.
Speaker 3 (19:47):
That's funny.
You mentioned that there aremore colleagues also there, I
know of them.
They also said I'm not going touse one or the other.
I'm going to use both of thembecause both of them have.
They also said I'm not going touse one or the other.
I'm going to use both of thembecause both of them have
interesting rules for, dependingon what I say One step back,
let's go to sentence that againyou can use both of them because
there are some rules in theEpsosCOP that are also valid for
(20:09):
a patented extension.
For example, we still need tohave prefixes or suffixes on our
objects.
The namespacing is getting lessand less depending, but as of
today we still need them.
A rule for that is in theAppSource pop code analyzer, not
in a patented extension.
But it is a good practice toalso have that for your PTs
(20:32):
Patented extension also, to havethat rule active that you don't
forget to set a suffix or aprefix on your objects.
So you can also have all fourof them active.
But then you have to suppresssome specific rules that don't
apply for the target you'retargeting on your extension.
Speaker 2 (20:52):
I'm happy to hear that I'm not alone in that.
That makes me feel good,absolutely so.
With those four extensions, andas I started to get into a few
moments ago, there's anothercode analyzer that is quite
popular among AL development andthat's Linterkop.
So it's a fifth code analyzer,correct, and can you tell us a
(21:16):
little bit about Linterkop?
Speaker 3 (21:18):
Absolutely.
Linterkop is a community-drivencode analyzer.
I have to do a shout-out toStefan Moran on that, and I
think it was September 21 thathe paved the road a little bit
to create a fifth one.
He called it Lintocop as anopen source code analyzer.
(21:41):
So that's free available onGitHub so you can use it and see
how it's built and worked.
And he started that Lintocopback in 2021.
And I've got it on my radar.
I think like a half year later,something is beginning on 2022.
(22:03):
And I was quite enthusiasticabout it.
There are some great rulesalready in there in the
beginning that I said.
It's quite obvious to have themand to help you during your
development.
What's always in my head is whyI do really like the LinterCop
as a product and also the otherones, of course.
It will help you resolveproblems by taking away its root
(22:31):
cause.
What am I going to say withthat?
In my previous company, whensometimes I was struggling with
something or trying to solve aproblem, I know my boss already
asked me what problem are youtrying to solve, artur?
What's going wrong?
And I can explain what wasgoing wrong and why and all the
stuff around it, and hechallenged me always with.
(22:55):
But what was the root cause?
Can we take away the root causethat the problem will never
reoccur again?
That was really a helpfulmindset for me that instead of
trying to fix the problems, whydon't we take away what's
causing it, before the problemeven can occur?
And Linterkop has a quite simplerule that I think is fantastic.
(23:17):
The first rule of thecollection is if you, for
example, make a flow field typein the product, that's mostly a
field that is being calculatedand then shown on a page or on a
list, for example, for the user, by default that field is
editable, and that is a littlebit strange Because, for example
(23:39):
, you go to your customeroverview and you see that the
balance is calculated, but thenyou can write something over
that field, and that's, ofcourse, strange.
There are maybe some scenariosthat it could be OK, but most of
the time it's strange to have acalculated field that you can
add it on as the user.
(23:59):
And to prevent that, lintercopwill during development.
If you make a field like that,you forget to set a property
it's already in VS Code show youa warning or a diagnostic.
That is a flow field and you'readvisable to set the property
and it's able to false, and inthat way I think it's quite
(24:22):
helpful because as a developer,you can maybe forget to set a
property.
Everything you test works.
You ship it off to maybe yourconsultant or the customer and
then you can get that feedbackback from.
I see a problem.
That field should be editableand you have to do the cycle
again to modify your code,releasing all the steps, and you
(24:44):
can take away that causing theproblem by, for example, using
Lintacop.
So that's what I really likeabout it it will help you take
away, maybe, the causing of aproblem instead of trying to fix
your problems.
Speaker 2 (24:58):
That's good.
So Lintocop is a code analyzerthat you use in addition to the
other standard AL code analyzersthat will help come up with
resolving problems that you justmentioned.
That whole editable flow field,that was a problem way back in
the early days as well becauseit did some strange things to
(25:19):
your data if you edited a flowfield Early on.
If you edited a flow field thatwas a sum of data it would
actually change the data in asense underlying of it.
But way back, I haven't triedit now because I've been so used
to making flow fieldsnon-editable.
It's just out of habit.
(25:40):
But I have to do a quick test,if you can if you change the
value, what happens with theunderlying data that it's
calculating, or if at this pointit just looks strange.
So that's a little go back intime way back oh wow, I didn't.
Speaker 3 (25:56):
I didn't know it would change your data, that's
that's mind-blowing.
Speaker 2 (26:00):
Unless my dinosaur brain forgets and I assumed it,
but I remember back in theearlier versions of nav, if you
edited a flow field, it wouldadjust the data to make sure
that the total matches, orsomething like that oh wow, the
source data would adjust it yeahinteresting.
I could be talking, you know,sideways, but that's what I
remember.
It's um that's dangerous yes,that's why.
(26:25):
That's why he said the numberone rule is to make a flow field
non-editable.
Yeah, and I think if I were abetting man it'd go way back in
time to then back to the days ofediting in Notepad.
I like that.
That's a great analogy to whatit was like editing or
developing in Notepad.
But, this was over 20 years agotoo, so a lot of improvements
(26:46):
have been made.
So Lintocop works in additionto the Microsoft code analyzers
that come as part of theapplication.
With it being community-driven,the community, in essence, can
come up with their own standardsas well, I guess, because with
many languages there is nice tohave some sort of
standardization, because asapplications get moved from
(27:08):
developer to developer, otherdevelopers come onto a product.
It's nice to have some sort ofstandard.
Speaker 3 (27:13):
I guess you could say Absolutely, and it's getting
more of a Swiss Army knife it'sbecoming, because now you're,
for example, mentioning alsostandards to use on.
There are, I think, currentlymore than 90 rules on it.
I think this year we're goingto cap the 100 different rules
in there, and it's a mix ofdifferent kind of stuff.
(27:36):
It could be for structure partson it how should something look
, or something involved but alsothere are some stuff on
performance, some stuff on alsolinting a bit, a little bit of
security.
It's going multiple directions,so it's not focusing on one
thing.
It's getting more, broader andbroader to indeed try to solve
(28:01):
as much ground as possible tohelp improving.
Speaker 2 (28:05):
See, I like that.
It does more than justformatting standards you had
mentioned.
It can also help catch someperformance considerations as
well, too, within the code.
Speaker 3 (28:18):
Yeah, absolutely so.
The name Linterkop is quiteknown, so I don't think we're
going to change that, but itstarted a little bit, I think,
in that direction.
Then it grew with help of thecommunity and that for
performance.
It has a few nice rules.
But for example, like is we'reall known to the log table
(28:40):
command we can use In somescenarios.
It's necessary to use that forprocessing data in some
scenarios.
But recently not recently, Ithink, only two or three
versions ago-ish we have the newproperty read isolation, so we
could get more granularly setthat instead of the log table
(29:02):
and that's something the codeanalyzer also will detect what
version you're programmingagainst of your extension and it
will then show a diagnostic onall your log table you have in
your extension to change thatand update the new read
isolation.
That's a better approach on it.
(29:23):
And also some other fun stuff.
For example, if you have thegeneral letter entries, for
example, and you have somefunction you want to know do
account that's equals to zero,for example, and you have some
function you want to know doaccount that's equals to zero,
for example, if you'd have thatencode, it will do a full run on
the whole table to figure out.
Is it really the result zero?
(29:46):
But we also have the isEmptycalls added to the product a
while ago and it's much moreperformance than doing account,
because account will do somestuff on indexing, on SQL stuff
and it's more heavy for the SQLserver to come up with and as
empty as it's blazing fast.
So also there are some areaswhere LidlCop will help you
(30:08):
improve your code to uptake newfeatures that were there or to
gently help you to switch somesyntax in to have a better
performance on it.
Speaker 2 (30:19):
So LinterCop you had mentioned has 90 rules to date
and this year you're expectingthat it would go over 100 rules.
When using LinterCop, can youenable and disable the rules,
similar to what we can do withthe standard code analyzers
through pragmas, through rulesets or through suppression,
(30:43):
warnings or suppression?
Yes, suppression in the appfile.
Speaker 3 (30:48):
Yeah, the great part is that LinterCop behaves
exactly the same as the othercode analyzers.
That ships with the product, sothere isn't really much
difference between them.
So indeed, if you want tochange the rules what you feel
is best for maybe you or yourteam or the organization you
work on, you can indeed use, forexample, rule sets, same as the
(31:14):
built-in code analyzers, alsosupported on it, and also the
pragmas and all that good stuffyou have will also work for the
LinterCOP.
Lintercop is compatible withthe other code analyzers on the
same way.
Only though it's nice youmentioned that because for me
also, and I know for multiplepeople out there, by bringing on
(31:36):
the rules it's always difficult.
What should be the defaultseverity?
We call that If I added a newrule, should I then throw an
error or a warning or show it asan info, or I can even hide it
by default that you manuallyshould enable it.
That's always a little bit of astruggle.
There are some rules wheremaybe personally, I think there
(31:57):
should be at least a warning oreven maybe an error.
But introducing a new rule thatdoes default as error, that
could be quite harsh, especiallyfor already running pipelines
out there maybe, or peopleworking on projects that they
have a new rule and instantlythrows arrows at you.
(32:17):
So a new rule it's always alittle bit of a balance.
How severe is this rule andwhat should we set it as a
default behavior to it?
It's always a little bitsomething a struggle to find the
right path on it.
So we have to go into a littlebit of the approach that if it
will cause a runtime error, thenwe dare to up it to a warning
(32:40):
as a default severity.
But then of course, with rulesets you can lower it back to an
info or maybe hide it and alsogo the other way around.
You can also improve it to anerror if you think, oh wow, we
should really do this prove itto an error.
Speaker 2 (32:57):
If you think, oh wow, we should, really should do
this.
Um, I like everything errors,just make it all an error.
It's fun and it's even better,like you said, for the mature
projects to go back that havebeen worked on over time, to
just turn it on and you see, andyou can do some as warnings.
You get sort of like achristmas tree type scenario
where you have reds, yellows,blues from the info.
So you can have a lot of funwith it.
Speaker 3 (33:18):
Yeah, that's what we're trying to prevent, because
at least for larger projects,and eventually even if they were
migrated from the old Navisiondays, we could easily throw a
lot of warnings at you and thedeveloper then can look at it
and say, oh boy, what am whatI'm going to do with all this
fun.
So we tend to take the bestapproach on that, but it's
(33:40):
difficult, of course, to havesomething that everybody agrees
on.
So the best part is on the ruleset, you can change their
behavior quite easily.
That's quite helpful.
Speaker 2 (33:51):
That's excellent.
One of the things, and when Ifirst heard of Lintocop and I
started seeing the informationabout it because I've, like you
had mentioned it's, I see a lotof conversation about it,
individuals talking about itBefore I first used it one of
the first things that came to mymind is it's so easy to add.
I was a little intimidatedbecause it's so easy to go into
(34:12):
your settings and enable theexisting source code analyzers.
And then LinterCop was a newanalyzer.
And how do I install it to getit to work?
What is the typical process orhow complicated is it to install
?
Speaker 3 (34:30):
In the beginning days it was quite hard.
In the beginning days it wasquite hard.
You have to copy files aroundin specific directories and get
it to work.
The great part is there is a VSCode extension available in the
marketplace Also.
Again, stefan Braun helped alot on it.
(34:51):
He built that that.
You can just install the VSCode extension it's also called
the same name, linterkop and itwill then automatically enable
for you to use Linterkop in VSCode.
So it's just quite as easy justto go to the marketplace of VS
Code or search in VS Code itselffor Linterkop, install the
extension and you're good to go.
(35:13):
You can then enable theLinterkop and then, like you
said, the Christmas tree willthen probably go turn on all
your projects and you have allthose new rules in place.
Speaker 2 (35:24):
So it is.
See, it's much easier and withthat, to use Linterkop in your
pipelines.
You still would need to copythe files over, correct.
Speaker 3 (35:34):
There has been quite some movement in the past year,
but I'm quite happy about itBecause my personal view is, if
you only install it if you'reworking in a team, that's the
prerequisite.
If you're working for yourself,you can install the VS Code and
you can look at it, but I'm acompany working in a team of
developers and we want to agreeon the rules.
(35:57):
What we want to do as a wholecompany and then implement it in
your CSED or your pipelines is,for me, an absolute must.
And also there in the beginningdays it was again PowerShell
and writing code to grab thosefiles and copying to left to
right to get it to work.
(36:18):
The good news is that all thesolutions I know of, as you have
your ALGo for GitHub, forexample, but also Azure DevOps
there are some other solutionsfor partners out there they all
natively support the LintelCop.
It is quite easy to set up andeven in our GitHub project we
specified a few of them and alsoadded some documentation how to
(36:41):
set it up.
For example, for ALGo, freddydid an awesome job.
We can just paste in a URL setone setting.
You have to additionally alsoenable, and then you're good to
go.
It's not more than adding twolines in a config file and the
cop is there in AL go, forexample.
Speaker 2 (37:00):
That's amazing and I enjoy seeing more partners, or
even more app developers.
It has nothing to do with beinga partner.
Even app developers, partnersand end customers or users, as
they're commonly referred to,that have their own development
group or team to use some sourcecode analysis With LinterCop or
(37:22):
even any of the other sourcecode analysis we're talking
about.
That's a community-drivenprogram, the E or application,
and within AL itself they havetheir own rules that are enabled
.
Is it something that someonecan add their own rule to
without making it part of theapplication?
So is there a way to have,within an organization, your own
(37:44):
custom rules that may not existwithin Linterkop or one of the
existing ones?
Speaker 3 (37:50):
Yeah, that is quite good.
Yeah, quite possible.
Yeah, that is quite good.
Yeah, quite possible.
As LinterCorp is, like we said,the fifth code analyzer out
there, you can also create yourown, the sixth one, and also use
that for your company.
If you have specific rules thatyou set up aren't really
generic, you could also buildyour own on it.
(38:12):
And we introduced that.
I was on directions last year inVienna.
We were on stage together withStefan and there we wrapped a
new feature also where we havenow in GitHub with Codespaces,
we created a template where youcan build your own code analyzer
(38:37):
.
So we have those shipped by theproduct, by Microsoft.
We have our community-drivenLinterCop.
If you say we have one to buildour own code analyzer, we have
now provided a template that youcould quite easily start
building your own code analyzerwith your own rules, and you can
also add that then in VS Codeor to your pipelines as an
(39:00):
additional one.
And code spaces of GitHub isjust awesome on that.
It will help you with thetemplate and it will set
everything up with kind of likethink of dependencies, but also
a release pipeline to build yourDLLs.
All that kind of stuff wealready wrapped in a template
for you, so you can easily startcreating your own rules.
Speaker 2 (39:21):
See, that is that I like.
I haven't.
I can honestly say I haven'treally dug deep into creating my
own custom rules because Ihaven't had a need to with using
all of the analyzers with thefive, because a lot of the
common rules come into play.
But I was thinking of othercases where I wanted to have
specific rules for app settings,for values for creating
(39:45):
applications, just to make surethat some standards or
consistency within evenpublisher name, for example,
because if you work with a teamof developers, if they're
creating applications, thepublisher name.
Some will put capital.
Because if you work with a teamof developers, if they're
creating applications, thepublisher name.
Some will put capital letters,some will put no letters, some
will put whatever.
Speaker 1 (39:59):
So is that?
Speaker 2 (40:00):
something that, with a custom code analyzer, we would
be able to create a rule for.
Speaker 3 (40:06):
Yeah, absolutely.
I think the great part is ifyou build your own analyzer you
can take some shortcuts and, forexample, if you want to have
the same publisher, you can justhard code that value and don't
have to do around settings orother kind of complexity stuff,
because if it will change youcan just easily change it in
(40:26):
your own code analyzer.
So those quite more easy tostart on because you don't have
to build it really generic.
You can pinpoint it more toyour use case and then build on
it.
And the great part is you cantake a look at LindaCop, maybe a
rule that you can see thatalready does a little bit the
(40:47):
same.
As you want to take a spiral tosee how it's built and then
maybe start from that rule andadapt it to your needs.
That's the best advice I cangive to look at already the
rules we built.
If you can then look somethingthat is quite familiar, you will
only have a starting point.
(41:07):
You don't have to start with ablank canvas, figuring out
everything yourself.
Speaker 2 (41:14):
I like that.
Speaker 1 (41:14):
You're going to build one now, Brad.
Speaker 2 (41:16):
I'm going to build a lot.
Build your own cop, I will.
We'll call it the Brad Cop.
That's what it will be.
You'll see that soon, Chris theBrad Cop.
Now that I have that insight,it will be an extension of some
other things that I'm alreadyworking on, and we'll call it
the Brad Cop.
If you look at source codeanalysis, what would you say
(41:41):
would be some of the biggestbenefits to a development group
or anybody managing adevelopment group that has a
development group for mandatingor using source code analyzers?
Speaker 3 (41:54):
I think the most important part for me is there
are some studies out there thatwill show mostly in a graph.
For example, if you find a bugin the system, if you catch it
early on, the amount of timespent to resolve the bug is a
bit lower than going through anydetected in production, going
(42:16):
through already detected inproduction.
For example, if you have asmall, if you have an issue in
production, somebody has to flagit, maybe create a ticket on it
, test to get maybe someanalysis go to the developer has
to change his code, test again.
So there's lots of overhead onbugs if you catch them on later
on in the process.
So much earlier on will benefityou in getting more ahead of
(42:39):
the game and make sure that youdon't have.
You can prevent bugs beforethey even get rolled out with
testing for a consultant ortesting for the user acceptance
of the customer itself.
That is, I think, a reallypowerful one.
And the second one is that youcan also agree on standards you
want to do.
(42:59):
For example, maybe if I diveinto one rule that's more
helpful, quite recently we had anew variable that's called
secret text.
Speaker 1 (43:12):
So if you store.
Speaker 3 (43:13):
Yes, you know exactly what I mean.
If you store credentials likeyou have an all-out client
secret or a password orsomething I hope most of you
already don't show its defaultin the text field, maybe using
the isolated storage modelalready of Business Central.
Speaker 2 (43:32):
One moment, Chris.
You hear all this.
You're going to see all of thisthis later.
I'm just letting you know okay,but it drives me crazy that I
see is it's away from the car.
You see, now you're going toget me down a tangent to see a
field in a table in businesscentral called username and
(43:53):
called password.
Oh, I see that so many times.
And then I also see wherethey'll have a procedure for
whatever it may be, for sendinga rep request or validating the
user.
The parameters are username andpassword and they're plain text
(44:13):
and there isn't the listen.
I have seen it and some peoplewill throw in the non-debugable
attribute, which I'm not goingto argue that I mean I will say
at least they tried.
But I always look back with nowthat the secret test text
exists in isolated storageexists.
Why anybody's storing within adatabase a username and password
(44:38):
just drives me crazy.
Speaker 3 (44:43):
Now it's 2025.
That's, from a securityperspective, a no-go.
That's not okay.
It's back of the wild days youmentioned.
Speaker 2 (44:50):
Yes, and I had a conversation with somebody.
You know how you can mask thefield for the UI oh yeah, the UI
part.
Yeah, that's what they said.
They said, oh well, we can mask.
They don't understand theconcept of if somebody's
debugging that, it's just.
I can't even get into that.
(45:10):
But thank you for bringing thatup.
You'll send me on a spiral now.
Now I need to calm down.
Speaker 3 (45:17):
You'll send me on a spiral now.
Now I need to calm down.
There is something that I thinkalso could help on, because
there are rules in there that itwill detect if you do an HTTP
call and you're storingauthorization headers I would
expect that to be a secret text,and the same for the isolated
storage.
It will then again show adiagnostic and then you can
(45:40):
decide on is that for me an info, an error or a warning?
And then, as a whole team, youcan then decide on.
We're all going to do the sameapproach, Do know.
A really important part, what Ibelieve is, is that you have to
discuss those rules with yourteam.
A bad idea would be on a Mondaymorning to see some rules in
(46:01):
LintelCop and say, oh, this wasfun and just enable them and all
the team, surprise your wholeteam with new rules and new
warnings.
That's not, I think, not thebest approach on it.
The best approach would be tothe rules, to have a discussion
with your team to see do we seethe benefit on it or not,
because I think it's best ifeverybody's on board and also
(46:24):
does this commitment.
As he says, I see the benefitof the rule, I know.
It's why I know it's why therule is there.
I know what to prevent and alsodo the commitment that and
that's what we did in ourcompany.
If we adapt a new rule it willbe for all of our projects.
So larger extensions, wherethey've been there, have to be
(46:46):
changed and update those changesto resolve those warnings of
the Linterkop, as in ourpipelines we are quite harsh.
We treat every warning as anerror.
So if you have a warning in ourpipeline it will stop building
and you have to first fix allthe warnings before we can
(47:07):
proceed.
And that's sometimes quiteoppressive with some rules.
If you have all the extensionsand, like I said, mostly if they
already may migrate from thedivision area, it's quite there
can be a lot of rules thenshowing up on older code.
(47:28):
So that's, I think, a reallyimportant part also to look at
the rules and analyze them andsee are they beneficial for us
and do we commit to them.
That's a really important part,not only for the LinterCOP, for
all of them.
Other code cops analyzeimportant part not only for the
LinterCOP, for all of them,other CodeCops, analyzers also,
I believe.
Speaker 2 (47:42):
So this all covers the importance of having those
source code analyzers, as youhad mentioned, and the benefits
of it.
It's not only thestandardization, as we talked
about, but you can save a lot oftime from debugging issues or
some from production issues,excuse me, by catching some
issues ahead of time.
And also, if we talk about thesecret text, even in the case of
(48:06):
security issues, in someinstances that may be easily
caught, that are oftenoverlooked by many developers
that either, as you hadmentioned, will migrate code or
they'll create new code bytaking a look at another example
.
That's one of the things thatwe talk about is, oh, when we
look at a previous example andthat previous example may be not
(48:27):
proper in some respect, and tobe able to catch it with a code
analyzer is important.
Speaker 3 (48:34):
Absolutely, and those examples could also be the base
app See mostly beginning ALdevelopers.
They will also be the base appSee mostly beginning AL
developers.
They will look at the base appand see inspire on how it's
programmed there and thedifficult part of that is it's
probably for quite old code, notthe best to do as of today.
So LittleCop will then help you.
(48:56):
If you have a piece of code, itwill then help you advise to
restructure some parts.
So it's also not your own code,but also the BaseApp is also
sometimes not the best exampleto start off.
Speaker 2 (49:09):
So you mean, are you telling me that the BaseApp
would be a Christmas tree?
Speaker 3 (49:13):
Yeah, I've recently did the BaseApp to do some
performance tuning and therewere quite a lot of warnings.
I think it also take, I think,almost a minute to also output
all of those infos, warnings,diagnostics.
There are quite a lot of themin there.
(49:33):
But yeah, understandable ofcourse that that is built years
ago, so everything now taking apart in it and in an extension
model, I see there it's quite agood practice on that.
But the base app itself, ofcourse, that's again a Christmas
(49:54):
tree lighting up, if you, forexample, enabled.
Speaker 2 (49:56):
Lentikop on that.
No, it's good, I understand ittoo, but it's one of those.
It's interesting.
I tried it once before too, andit's just interesting to see
what you have.
Listen, I will always saynobody, nothing is perfect.
Everybody has a reason whythey're doing a certain thing,
whether it's by creatingsomething from before and you
(50:17):
need to have it forcompatibility or the such.
But I just like to say the wordChristmas tree, absolutely,
which is nice.
Well, mr Arthur, sir, weappreciate you taking the time
to speak with us, to talk withus about source code analyzers.
I personally feel they'reextremely important in
development and thank you forsharing your insights.
A little bit more about sourcecode analysis source code
(50:39):
analysis as well as LinterCop,and I hope those that aren't
aware of LinterCop or haven'tused LinterCop give it a shot
and try, because it does expandand add to the existing
Microsoft source code analyzers.
And, as you had mentioned, nowthat there's a template where
you can create your own customanalyzers, you can have a little
a little more control over therules for an individual
application or organization,which is important.
Speaker 3 (51:02):
Absolutely and, as I mentioned, if you're struggling
a little bit or do you saycreating my own rules is a
little bit steep leaning curve,you could also start with on our
GitHub to start with adiscussion If you have an idea
for a new rule so we can maybediscuss a little bit on it, and
(51:23):
if I can assist in something,feel free to reach out, because
I really love that.
It's a community project.
I'm not the only one on it,absolutely not, and it's helpful
if we all chip in.
Not, and that's helpful if weall chip in and it will help all
of us in our community um to toimprove the, for example, the
(51:44):
linter cop on it.
So if you're thinking buildingyour own rules is a little bit,
uh, still a steep learning curveto start on that, you could
also start, for example, withdiscussions or helping on the
cop itself on there.
Oh that.
Speaker 2 (51:56):
Oh, that's great.
That's great.
So we can reach out to go tosearch for Linterkop, and we'll
put a link in the notes forLinterkop how to access
Linterkop on GitHub.
If anyone has additionalquestions or would like to see
some of the other great thingsthat you've been doing and you
do some great things withLinterkop, and we appreciate all
that you're doing for thecommunity as well what's the
best way to get in contact withyou?
Speaker 3 (52:18):
You can always look me up on LinkedIn or connect
with me on LinkedIn.
I try to send the updates I doon LinkedIn and also on Blue
Skies.
You can also find me there toalso post some fun things or
some updates also on there.
Speaker 2 (52:34):
Excellent, excellent.
Thank you, we appreciate yourtime and I look forward to
seeing you again soon.
Ciao, ciao.
Thank you, we appreciate yourtime and I look forward to
seeing you again soon.
Ciao ciao.
Speaker 1 (52:41):
Thank you, bye-bye.
Speaker 2 (52:43):
Thank you, chris, for your time for another episode
of In the Dynamics Corner Chair,and thank you to our guests for
participating.
Speaker 1 (52:50):
Thank you, brad, for your time.
It is a wonderful episode ofDynamics Corner Chair.
I would also like to thank ourguests for joining us.
Thank you for all of ourlisteners tuning in as well.
You can find Brad atdeveloperlifecom, that is
D-V-L-P-R-L-I-F-E dot com, andyou can interact with them via
(53:13):
Twitter D-V-L-P-R-L-I-F-E.
Via Twitter, d-v-l-p-r-l-i-f-e.
You can also find me atmatalinoio, m-a-t-a-l-i-n-o dot
I-O, and my Twitter handle ismatalino16.
And you can see those linksdown below in the show notes.
Again, thank you everyone.
(53:35):
Thank you and take care.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!