SPCAF has the ability to integrate 3rd party analyzers. Not all analyzers come with the installation package of SPCAF as unfortunately some cannot be re-distributed by a separate software.
All 3rd party analyzers are currently available free of charge and can be downloaded separately.
FxCop 10.0 provides hundreds of rules that perform various types of .net code related analysis: design, globalization, interoperability, maintainability, mobility, naming, performance, portability, reliability, security and usage.
FxCop does not provide any specific SharePoint code analysis but the general practices are partly valid also for SharePoint code.
FxCop Metrics is a set of software measures that provide developers better insight into the code they are developing. By taking advantage of code metrics, developers can understand which types and/or methods should be reworked or more thoroughly tested. Development teams can identify potential risks, understand the current state of a project, and track progress during software development.
CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.
Even though the development has been discontinued by Microsoft in 2009, it is still a valid and helpful tool analyze SharePoint projects.
CSS Lint is an open source CSS code quality tool that performs static analysis of source code and flags patterns that might be errors or otherwise cause problems for the developer.
CSS Lint points out problems with your CSS code. It does basic syntax checking as well as applying a set of rules to the code that look for problematic patterns or signs of inefficiency. The rules are all pluggable, so you can easily write your own or omit ones you don’t want.
CSSLint is fully integrated into SPCAF and no separate installation is required.
JSHint is fully integrated into SPCAF and no separate installation is required.
SPDisposeCheck is was a tool that helps developers and administrators check custom SharePoint solutions that use the SharePoint Object Model helping measure against known Microsoft dispose best practices. This tool may not show all memory leaks in your code and may produce false positives which need further review by subject matter experts.
Attention: SPDisposeChecker is incapable of analyzing .NET 4 assemblies used in SharePoint 2013 solutions. All rules have been implemented directly in SPCAF and are available in all editions. The 3rd party integration has been disabled by default. Read more about the issue in this blogpost.
Microsoft has removed the SPDisposeCheck download from their pages.