We write a lot of code, and after just 6 months we spend a lot of time studying, understanding and refining it again and again. Code is alive, and no documentation can be as exhaustive as the code itself. So we start using a bunch of tools to manually inspect the code and fully understand what happens to instances of a given type, which parts of the code really need certain dependencies, or which APIs are used in a part of the codebase. This job is even tougher when the codebase comes from a third party that is extending our app.
The .NET Compiler Platform (Roslyn) gives us the opportunity to write tools that understand the sources from a business-rule perspective and extract the information required to identify usage patterns and enforce security prescriptions.
The idea is to raise the bar of classic code analysis by writing custom tools and Visual Studio analyzers that target the specificities of the application being developed.