If I run the code analysis in Visual Studio 2022 (on a c++ project) I get a XML and a SARIF file for every code file.
No I try to run the code analysis with MSBuild 2022:
MSBuild.exe solution.sln -p:Configuration=Release /p:RunCodeAnalysis=true
But with this call I only get the code analysis XML files and no SARIF files.
Any idea how to force MSBuild to create the SARIF files?
https://docs.microsoft.com/en-us/answers/questions/512275/what-to-do-with-static-code-analysis-result-xml-fi.html describes a solution:
Add a
Directory.build.props
file to your Visual Studio solution:Now I can extend my MSBuild Command line on my CI-Server (TeamCity):
/p:RunCodeAnalysis=true /p:ClOptions="/analyze:log%20MyApp.nativecodeanalysis.combined.sarif"
(I had to replace the whitespace with%20
).And one SARIF file is generated, or if you want one SARIF file for every code file:
/p:RunCodeAnalysis=true /p:CaOptions="/analyze:log:format:sarif"
If you want to add additional command line switches you have to separate it with
%20
:/p:CaOptions=/analyze:log:format:sarif%20/analyze:log:compilerwarnings
BUT: If I activate Clang-Tidy in my Visual Studio project I get the error
CLANGTIDY : error : no such file or directory: '/analyze:log' [clang-diagnostic-error]
andCLANGTIDY : error : unable to handle compilation, expected exactly one compiler job in ...
- Does someone has an idea about that (except disabling Clang-Tidy)?