Resource Lifecycle
Detects disposable resources allocated without a using statement or try/finally disposal, leading to connection and handle leaks.
Why this rule exists
An undisposed SqlConnection or FileStream eventually exhausts the pool or the OS handle table. The symptom is a slow degradation that production alerting will only catch after customer impact.
Code example
+ var conn = new SqlConnection(cs);
+ conn.Open();
+ var cmd = conn.CreateCommand();+ using var conn = new SqlConnection(cs);
+ await conn.OpenAsync();
+ using var cmd = conn.CreateCommand();Configuration
Disable or adjust the severity of this rule in .gauntletci.json:
{
"rules": {
"GCI0024": { "enabled": true, "severity": "Warn" }
}
}See Configuration for the full schema.
Related rules
Concurrency and State Risk
Detects async void methods, blocking async calls (.Result, .Wait(), .GetAwaiter().GetResult()), lock(this), and Thread.Sleep in production code. Uses ForPatternScan to ignore matches inside // comments and string literals.
External Service Safety
Detects unsafe HTTP client usage and external service call patterns that lack timeout, cancellation, or retry configuration.
Discussed in
How Azure SDK PR #57223 Introduced 6,650+ Unique Risk Signals
Azure SDK PR #57223 generated 6,650+ unique behavioral risk signals across 3 framework versions. See why traditional tools missed them.
State of Behavioral Change Risk in .NET
A field report from 610 merged C# PRs across 61 repositories, with raw findings, high-confidence findings, and outlier disclosure.
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0024_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.