Invoke-ScriptAnalyzer
Evaluates a script or module based on selected best practice rules
Syntax
Invoke-ScriptAnalyzer
[-Path] <string>
[-CustomRulePath <string[]>]
[-RecurseCustomRulePath]
[-IncludeDefaultRules]
[-ExcludeRule <string[]>]
[-IncludeRule <string[]>]
[-Severity <string[]>]
[-Recurse]
[-SuppressedOnly]
[-Fix]
[-EnableExit]
[-Settings <Object>]
[-SaveDscDependency]
[-ReportSummary]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Invoke-ScriptAnalyzer
[-Path] <string>
-IncludeSuppressed
[-CustomRulePath <string[]>]
[-RecurseCustomRulePath]
[-IncludeDefaultRules]
[-ExcludeRule <string[]>]
[-IncludeRule <string[]>]
[-Severity <string[]>]
[-Recurse]
[-Fix]
[-EnableExit]
[-Settings <Object>]
[-SaveDscDependency]
[-ReportSummary]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Invoke-ScriptAnalyzer
[-ScriptDefinition] <string>
-IncludeSuppressed
[-CustomRulePath <string[]>]
[-RecurseCustomRulePath]
[-IncludeDefaultRules]
[-ExcludeRule <string[]>]
[-IncludeRule <string[]>]
[-Severity <string[]>]
[-Recurse]
[-EnableExit]
[-Settings <Object>]
[-SaveDscDependency]
[-ReportSummary]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Invoke-ScriptAnalyzer
[-ScriptDefinition] <string>
[-CustomRulePath <string[]>]
[-RecurseCustomRulePath]
[-IncludeDefaultRules]
[-ExcludeRule <string[]>]
[-IncludeRule <string[]>]
[-Severity <string[]>]
[-Recurse]
[-SuppressedOnly]
[-EnableExit]
[-Settings <Object>]
[-SaveDscDependency]
[-ReportSummary]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Invoke-ScriptAnalyzer evaluates scripts or module files (.ps1, .psm1, and .psd1 files) based
on a collection of best practice rules and returns objects that represent rule violations. It also
includes special rules to analyze DSC resources.
Invoke-ScriptAnalyzer comes with a set of built-in rules. By default, it uses all rules. You can
use the IncludeRule and ExcludeRule parameters to select the rules you want. You can use the
Get-ScriptAnalyzerRule cmdlet to examine and select the rules you want to include or exclude from
the evaluation.
You can also use customized rules that you write in PowerShell scripts, or compile in assemblies using C#. Custom rules can also be selected using the IncludeRule and ExcludeRule parameters.
You can also include a rule in the analysis, but suppress the output of that rule for selected
functions or scripts. This feature should be used only when necessary. To get rules that were
suppressed, run Invoke-ScriptAnalyzer with the SuppressedOnly parameter.
For usage in CI systems, the EnableExit exits the shell with an exit code equal to the number of error records.
Examples
EXAMPLE 1 - Run all Script Analyzer rules on a script
Invoke-ScriptAnalyzer -Path C:\Scripts\Get-LogData.ps1EXAMPLE 2 - Run all Script Analyzer rules on all files in the Modules directory
This example runs all Script Analyzer rules on all .ps1 and .psm1 files in your user-based
Modules directory and its subdirectories.
Invoke-ScriptAnalyzer -Path $home\Documents\WindowsPowerShell\Modules -RecurseEXAMPLE 3 - Run a single rule on a module
This example runs only the PSAvoidUsingPositionalParameters rule on the files in the
PSDiagnostics module folder. You can use a command like this to find all instances of a particular
rule violation.
Invoke-ScriptAnalyzer -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics -IncludeRule PSAvoidUsingPositionalParametersEXAMPLE 4 - Run all rules except two on your modules
This example runs all rules except for PSAvoidUsingCmdletAliases and
PSAvoidUsingInternalURLs on the .ps1 and .psm1 files in the MyModules directory and in its
subdirectories.
Invoke-ScriptAnalyzer -Path C:\ps-test\MyModule -Recurse -ExcludeRule PSAvoidUsingCmdletAliases, PSAvoidUsingInternalURLsEXAMPLE 5 - Run Script Analyzer with custom rules
This example runs Script Analyzer on Test-Script.ps1 with the standard rules and rules in the
C:\CommunityAnalyzerRules path.
Invoke-ScriptAnalyzer -Path D:\test_scripts\Test-Script.ps1 -CustomRulePath C:\CommunityAnalyzerRules -IncludeDefaultRulesEXAMPLE 6 - Run only the rules that are Error severity and have the PSDSC source name
$DSCError = Get-ScriptAnalyzerRule -Severity Error | Where SourceName -eq PSDSC
$Path = "$home\Documents\WindowsPowerShell\Modules\MyDSCModule"
Invoke-ScriptAnalyzerRule -Path $Path -IncludeRule $DSCError -RecurseEXAMPLE 7 - Suppressing rule violations
This example shows how to suppress the reporting of rule violations in a function and how to discover rule violations that are suppressed.
The example uses the SuppressMessageAttribute attribute to suppress the PSUseSingularNouns and
PSAvoidUsingCmdletAliases rules for the Get-Widgets function in the Get-Widgets.ps1 script.
You can use this attribute to suppress a rule for a module, script, class, function, parameter, or
line.
The first command runs Script Analyzer on the script file containing the function. The output reports a rule violation. Even though more rules are violated, neither suppressed rule is reported.
function Get-Widgets
{
[CmdletBinding()]
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseSingularNouns", "")]
[System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingCmdletAliases", "", Justification="Resolution in progress.")]
Param()
dir $pshome
...
}
Invoke-ScriptAnalyzer -Path .\Get-Widgets.ps1
RuleName Severity FileName Line Message
-------- -------- -------- ---- -------
PSProvideCommentHelp Information ManageProf 14 The cmdlet 'Get-Widget' does not have a help comment.
iles.psm1
Invoke-ScriptAnalyzer -Path .\Get-Widgets.ps1 -SuppressedOnly
Rule Name Severity File Name Line Justification
--------- -------- --------- ---- -------------
PSAvoidUsingCmdletAliases Warning ManageProf 21 Resolution in progress.
iles.psm1
PSUseSingularNouns Warning ManageProf 14
iles.psm1The second command uses the SuppressedOnly parameter to report violations of the rules that are suppressed script file.
EXAMPLE 8 - Analyze script files using a profile definition
In this example, we create a Script Analyzer profile and save it in the ScriptAnalyzerProfile.txt
file in the current directory. We run Invoke-ScriptAnalyzer on the BitLocker module files. The
value of the Profile parameter is the path to the Script Analyzer profile.
# In .\ScriptAnalyzerProfile.txt
@{
Severity = @('Error', 'Warning')
IncludeRules = 'PSAvoid*'
ExcludeRules = '*WriteHost'
}
Invoke-ScriptAnalyzer -Path $pshome\Modules\BitLocker -Profile .\ScriptAnalyzerProfile.txtIf you include a conflicting parameter in the Invoke-ScriptAnalyzer command, such as
-Severity Error, the cmdlet uses the profile value and ignores the parameter.
EXAMPLE 9 - Analyze a script stored as a string
This example uses the ScriptDefinition parameter to analyze a function at the command line. The function string is enclosed in quotation marks.
Invoke-ScriptAnalyzer -ScriptDefinition "function Get-Widgets {Write-Host 'Hello'}"
RuleName Severity FileName Line Message
-------- -------- -------- ---- -------
PSAvoidUsingWriteHost Warning 1 Script
because
there i
suppres
Write-O
PSUseSingularNouns Warning 1 The cmd
noun shWhen you use the ScriptDefinition parameter, the FileName property of the
DiagnosticRecord object is $null.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CustomRulePath
Enter the path to a file that defines rules or a directory that contains files that define rules.
Wildcard characters are supported. When CustomRulePath is specified, only the custom rules found
in the specified paths are used for the analysis. If Invoke-ScriptAnalyzer cannot find rules in
the , it runs the standard rules without notice.
To add rules defined in subdirectories of the path, use the RecurseCustomRulePath parameter. To include the built-in rules, add the IncludeDefaultRules parameter.
| Type: | String[] |
| Aliases: | CustomizedRulePath |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
-EnableExit
On completion of the analysis, this parameter exits the PowerShell sessions and returns an exit code equal to the number of error records. This can be useful in continuous integration (CI) pipeline.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeRule
Omits the specified rules from the Script Analyzer test. Wildcard characters are supported.
Enter a comma-separated list of rule names, a variable that contains rule names, or a command that gets rule names. You can also specify a list of excluded rules in a Script Analyzer profile file. You can exclude standard rules and rules in a custom rule path.
When you exclude a rule, the rule does not run on any of the files in the path. To exclude a rule on a particular line, parameter, function, script, or class, adjust the Path parameter or suppress the rule. For information about suppressing a rule, see the examples.
If a rule is specified in both the ExcludeRule and IncludeRule collections, the rule is excluded.
| Type: | String[] |
| Position: | Named |
| Default value: | All rules are included. |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
-Fix
Fixes certain warnings that contain a fix in their DiagnosticRecord.
When you used Fix, Invoke-ScriptAnalyzer applies the fixes before running the analysis. Make
sure that you have a backup of your files when using this parameter. It tries to preserve the file
encoding but there are still some cases where the encoding can change.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IncludeDefaultRules
Invoke default rules along with Custom rules.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IncludeRule
Runs only the specified rules in the Script Analyzer test. By default, PSScriptAnalyzer runs all rules.
Enter a comma-separated list of rule names, a variable that contains rule names, or a command that gets rule names. Wildcard characters are supported. You can also specify rule names in a Script Analyzer profile file.
When you use the CustomizedRulePath parameter, you can use this parameter to include standard rules and rules in the custom rule paths.
If a rule is specified in both the ExcludeRule and IncludeRule collections, the rule is excluded.
The Severity parameter takes precedence over IncludeRule. For example, if Severity is
Error, you cannot use IncludeRule to include a Warning rule.
| Type: | String[] |
| Position: | Named |
| Default value: | All rules are included. |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
-IncludeSuppressed
Include suppressed diagnostics in output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Path
Specifies the path to the scripts or module to be analyzed. Wildcard characters are supported.
Enter the path to a script (.ps1) or module file (.psm1) or to a directory that contains scripts
or modules. If the directory contains other types of files, they are ignored.
To analyze files that are not in the root directory of the specified path, use a wildcard character
(C:\Modules\MyModule\*) or the Recurse parameter.
| Type: | String |
| Aliases: | PSPath |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | True |
-Recurse
Runs Script Analyzer on the files in the Path directory and all subdirectories recursively.
Recurse applies only to the Path parameter value. To search the CustomRulePath recursively, use the RecurseCustomRulePath parameter.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RecurseCustomRulePath
Adds rules defined in subdirectories of the CustomRulePath location. By default,
Invoke-ScriptAnalyzer uses only the custom rules defined in the specified file or directory. To
include the built-in rules, use the IncludeDefaultRules parameter.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ReportSummary
Write a summary of the violations found to the host.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SaveDscDependency
Resolve DSC resource dependencies.
When Invoke-ScriptAnalyzer is run with this parameter, it looks for instances of
Import-DSCResource -ModuleName <somemodule>. If <somemodule> is cannot be found by searching the
$env:PSModulePath, Invoke-ScriptAnalyzer returns parse error. This error is caused by the
PowerShell parser not being able to find the symbol for <somemodule>.
If Invoke-ScriptAnalyzer finds the module in the PowerShell Gallery, it downloads the missing
module to a temp path. The temp path is then added to $env:PSModulePath for duration of the scan.
The temp location can be found in $LOCALAPPDATA/PSScriptAnalyzer/TempModuleDir.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScriptDefinition
Runs the analysis on commands, functions, or expressions in a string. You can use this feature to analyze statements, expressions, and functions, independent of their script context.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Settings
A path to a file containing a user-defined profile or a hashtable object containing settings for ScriptAnalyzer.
Runs Invoke-ScriptAnalyzer with the parameters and values specified in the file or hashtable.
If the path or the content of the file or hashtable is invalid, it is ignored. The parameters and values in the profile take precedence over the same parameter and values specified at the command line.
A Script Analyzer profile file is a text file that contains a hashtable with one or more of the following keys:
- CustomRulePath
- ExcludeRules
- IncludeDefaultRules
- IncludeRules
- RecurseCustomRulePath
- Rules
- Severity
The keys and values in the profile are interpreted as if they were standard parameters and values of
Invoke-ScriptAnalyzer, similar to splatting. For more information, see
about_Splatting.
| Type: | Object |
| Aliases: | Profile |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Severity
After running Script Analyzer with all rules, this parameter selects rule violations with the specified severity.
Valid values are:
- Error
- Warning
- Information.
You can specify one ore more severity values.
The parameter filters the rules violations only after running all rules. To filter rules
efficiently, use Get-ScriptAnalyzerRule to select the rules you want to run.
The Severity parameter takes precedence over IncludeRule. For example, if Severity is
Error, you cannot use IncludeRule to include a Warning rule.
| Type: | String[] |
| Position: | Named |
| Default value: | All rule violations |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SuppressedOnly
Returns violations only for rules that are suppressed.
Returns a SuppressedRecord object (Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.SuppressedRecord).
To suppress a rule, use the SuppressMessageAttribute. For help, see the examples.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.DiagnosticRecord
By default, Invoke-ScriptAnalyzer returns one DiagnosticRecord object for each rule violation.
Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic.SuppressedRecord
If you use the SuppressedOnly parameter, Invoke-ScriptAnalyzer instead returns a
SuppressedRecord objects.
