SQL Code Analysis

Code Analysis for SQL Server command line

The Code Analysis for SQL Server command line (preview) referenced below is now deprecated software. The static analysis rules are available as part of the SQL Change Automation report.  

The code analysis command line, sqlcodeguard.exe, can target a specified database or folder or scripts. Note that while in preview the command line is not fully supported, although we are receptive to feedback. Please contact sales@red-gate.com for more information.

To run code analysis as part of an automated process, such as continuous integration, a SQL Change Automation license is required. 

Release History

VersionRelease notes
4_patch_4SCG-2019-10-17-11-40-22-46.zip includes SQL Server 2019 support
4_patch_3Improvements to the html report. A fix to the severity regression.
4_patch_2If .htm or .html is specified as the outfile, an html file will be generated instead of an xml file. Known issue: this version breaks the ERROR severity.
  • Fix issue whereby the /include switch wasn't being honored.
  • "Error" issue severity has been added. If using a settings file, for example by saving this from SQL Prompt, the severities must be changed manually within the XML.
  • "Error" is now the default severity for the /include and /exclude switches.
  • If not using a settings file, a new command line switch, "/warning", can be used to designate issues as severity "warning".
  • If there is at least one issue with an "Error" severity the exit code (%ERRORLEVEL%) will be set to 1.
  • Issues with a "Warning" severity will not cause the exit code to be 1 (this is a change from v3 behavior).
  • If a connection to the database can't be established, the exit code will be set to 1.
  • Rule set is consistent with SQL Prompt's code analysis (this means that some rules have been modified, and some rules have been removed).
  • If /include hasn't been used, and no settings file specified using /config, the command line will assume /include:ALL by default.

Using SQL Code Guard with the command line

The command line utility, SqlCodeGuard.Cmd.exe, can analyze the existing database and folder with scripts files and supports the following parameters:

/help/h, /?Output command line syntax help
/server:<server\instance>/sThe server name to connect to
/database:<database>/dThe database name to analyze
/user:<username>/uThe user name. If no user is specified, Windows authentication will be used
/password:<password>/pThe user password
/outfile:<file name>/outThe file name to store the result (xml by default, but will generate html if file is specified as .htm or .html)
The path to the file or folder with the SQL scripts to analyze
/config:<settings file>/cThe settings file to use (the UI saves its settings in %APPDATA%\SqlCodeGuard.Addin\settingsv3.xml)
/quiet/qThis is silent mode for minimal messages
/log:<file name>
The log file name
/include:<ALL | ISSUECODE1;ISSUECODE2{...}>
Can specify all or a semicolon-separated list of code issues to include (with severity "error" in v4, "warning" in v3)
/exclude:<ALL | ISSUECODE1;ISSUECODE2{...}>
Can specify all or a semicolon-separated list of code issues to exclude (with severity "error" in v4, "warning" in v3)
/warning:<ALL | ISSUECODE1;ISSUECODE2{...}>
Can specify all or a semicolon-separated list of code issues to be set to severity "warning" (switch available in v4 only)

If /include, /exclude or /config are not used, all rules will apply by default.

The following example checks the AdventureWorks database on localhost with a specified instance name for all issues, and outputs the results as an .xml file:

SqlCodeGuard.cmd.exe /s:localhost\instancename /d:AdventureWorks /include:all /exclude:BP007;DEP004;ST001 /out:results.xml


SeverityDescriptionExit code
ignoreThe rule will not be run and has no impact on the resultsn/a
warningThe rule will be run, but is not intended to fail a build process0
errorThe rule will be run and will fail a build process1

Note: It is not yet possible to set the "error" severity in SQL Prompt. The settings file will need to be edited manually to achieve this.


The command line, SqlCodeGuard40.Cmd.exe, requires the following files to be present.

  • Microsoft.SqlServer.TransactSql.ScriptDom.dll
  • SqlCodeGuard40.Core.dll

Didn't find what you were looking for?