![]() Rules that are disabled in a ruleset will be ignored by MSVC Code Analysis and will not be checked or reported. More information on rulesets can be found here. MSVC Code Analysis can be used with one or more ruleset files that can enable or disable selected rules. Rules that are enabled in the ruleset are checked and reported by the analysis tools. In the following sections, let’s look at an enhanced code analysis experience in Visual Studio IDE. Ability to log suppressed warnings with location of suppressionĪs we update MSVC Code Analysis with support of the latest SARIF standard and additional information on analysis and defects, we also updated Visual Studio to enhance the code analysis experience.Ability to log compiler warnings in addition to code analysis warnings.While we were updating MSVC Code Analysis to add more information to SARIF log files, we also added new capabilities to it: ![]() Rule actions for each of the active rules for which defects are reported.Configurations used for code analysis, including command-line options.To add more improvements to code analysis, we have updated MSVC Code Analysis to support the latest SARIF 2.1.0 standard. At the same time, it has been updated to provide options to record more information to the SARIF log file: Fix-it for automatic recommendations to fix defects.Green squiggles for code analysis defects.With this update, MSVC Code Analysis provided some enhanced experience that many readers may already know, including but not limited to: 16.8 is the release that MSVC Code Analysis supports SARIF 2.1 standard. We have been supporting SARIF in VS for quite some time, even the earliest drafts of the specification. MSVC Code Analysis has been using a custom XML log format to report defects it finds during code analysis. While this has served customers well for the last decade, we decided to support SARIF for richer capability such as logging list of files analyzed, configuration overrides for analysis, location where defects are suppressed if logging suppressed warnings, etc. You can find more information on SARIF at this introductory page. The latest SARIF standard is available at this page. SARIF is an acronym for the Static Analysis Results Interchange Format, which is a standard, JSON-based format for the output of static analysis tools. SARIF provides a rich format intended to meet the needs of a wide range of analysis tools, both sophisticated and simple ones. It also provides an extensibility mechanism to allow tool authors to store custom data that the SARIF format doesn’t directly support. ![]() ![]() In this blog post we will present one of those enhanced experiences – code analysis defects with different severity levels in Error List and color-coded squiggles for offending code segments. ![]() Behind the scenes, analysis log files in the SARIF format powers Visual Studio IDE to provide a richer experience that was not possible with the legacy XML logs. SARIF is an industry standard for representing static analysis logs and we’ve been one of the earliest collaborators with the SARIF Technical Committee. Starting with Visual Studio 16.8, MSVC Code Analysis officially supports SARIF 2.1.0 standard. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |