What to do with static code analysis result XML files, management of code analysis results

Dave 206 Reputation points
2021-08-13T02:56:06.837+00:00

I have run msbuild with the /p:RunCodeAnalysis=true flag and can now see a ton of *.nativecodeanalysis.xml files in the output directory. Are there any open source tools or applications that can load these files and make it easier to manage/read the results? I'm especially interested in tools that can manage these results over time, so we can track improvements and reduction of issues raised by code over time.

As an aside, is there any option with MSBuild to output SARIF instead?


Accepted answer
  1. Dave 206 Reputation points
    2021-08-16T19:45:35.013+00:00

    Thanks David, I've managed to set this by:

    Adding a Directory.build.props file to the root of my repo

    <?xml version="1.0" encoding="utf-8"?>   
    <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">  
      <ItemDefinitionGroup>  
        <ClCompile>  
            <AdditionalOptions>$(ClOptions) %(AdditionalOptions)</AdditionalOptions>  
        </ClCompile>  
      </ItemDefinitionGroup>  
    </Project>  
    

    Passing through the ClOptions via MSBuild:

     '$env:PreferredToolArchitecture="x64"; msbuild -m /p:RunCodeAnalysis=true /p:ClOptions="/analyze:log MyApp.nativecodeanalysis.combined.sarif" /p:CodeAnalysisRuleSet=NativeMinimumRules.ruleset /p:Configuration=Release /p:Platform=x86 /v:q MyApp.build.sln'  
      
    

    References:

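For the tracking-over-time part of the question, once the build emits SARIF as in the accepted answer, two logs can be compared directly. The following Python is an added example, not part of the original thread: it assumes the logs follow the SARIF 2.1.0 `runs[].results[]` layout, and the function names and the sample data are constructed for illustration.

```python
import json
from collections import Counter

def load_results(sarif_text):
    """Flatten a SARIF 2.1.0 log into (ruleId, level, file, line) tuples."""
    out = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
            line = phys.get("region", {}).get("startLine", 0)
            # A result without an explicit level is treated as "warning" here.
            out.append((res.get("ruleId", "<none>"), res.get("level", "warning"), uri, line))
    return out

def counts_by_rule(results):
    """Number of findings per rule id, for a per-build trend line."""
    return Counter(r[0] for r in results)

def diff_runs(old, new):
    """Compare on (ruleId, file) so a finding that only moved lines is not 'new'."""
    key = lambda r: (r[0], r[2])
    o, n = Counter(map(key, old)), Counter(map(key, new))
    return {"fixed": sum((o - n).values()), "new": sum((n - o).values())}

def _sample(*items):
    # Constructed sample data, not real analyzer output.
    return json.dumps({"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "sample"}}, "results": [
        {"ruleId": rid, "message": {"text": "sample"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}, "region": {"startLine": ln}}}]}
        for rid, uri, ln in items]}]})

BASELINE = _sample(("C6011", "src/a.cpp", 10), ("C6001", "src/b.cpp", 5), ("C6011", "src/c.cpp", 3))
CURRENT = _sample(("C6011", "src/a.cpp", 14), ("C6386", "src/b.cpp", 7))

if __name__ == "__main__":
    old, new = load_results(BASELINE), load_results(CURRENT)
    print("per rule now:", dict(counts_by_rule(new)))
    print("change since baseline:", diff_runs(old, new))
```

To use it on real output, pass the text of the archived `.sarif` file from each build to `load_results` in place of the constructed samples.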