Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
Viewing reports in SARIF format in Visu…
menu mobile close menu
Analyzer diagnostics
General Analysis (C++)
General Analysis (C#)
General Analysis (Java)
Micro-Optimizations (C++)
Diagnosis of 64-bit errors (Viva64, C++)
Customer specific requests (C++)
MISRA errors
AUTOSAR errors
OWASP errors (C#)
Problems related to code analyzer
Additional information
toggle menu Contents

Viewing reports in SARIF format in Visual Studio Code

Apr 06 2022

Please note. A better way to work in Visual Studio Code is to use the PVS-Studio extension for Visual Studio Code instead of the Sarif plugin for Visual Studio Code described in this documentation.

You can view PVS-Studio reports in Visual Studio Code via the Sarif Viewer plugin. Below are instructions on how to install the plugin, upload the PVS-Studio report to it, and work with this report.

You can analyze the code and get the report in one of the following ways:

How to install the Sarif Viewer plugin

To install the 'Sarif Viewer' plugin, open Visual Studio Code, go to the 'Extensions' tab. In the search field, enter "Sarif Viewer" and click 'Install':

VisualStudioCode/image1.png

Note: the 'Sarif Viewer' plugin version 3.1.2 or higher is required for correct operation. If you can't find version 3.1.2 or higher in VS Code, you can find the desired version in the plugin repository on GitHub. Each version's sources have a file with the .vsix extension.

Install the plugin from the .vsix file: in the 'Extensions' tab, click on the three-dotted button. In the context menu, click 'Install from VSIX...':

VisualStudioCode/image2.png

In the opened window, select the .vsix file of the 'Sarif Viewer' plugin. After the plugin is installed, restart Visual Studio Code.

How to work with the analysis results

Converting a PVS-Studio report to the SARIF format

SARIF is a universal format for providing information from static analyzers. SARIF is used not only in PVS-Studio, but in other tools. For example, GitHub's Code scanning alerts, Coverity, and CodeSonar.

To convert reports, you can use command-line utilities like PlogConverter.exe for Windows and plog-converter for Linux/macOS. These utilities not only convert PVS-Studio's reports, but also process it — filter messages, for example.

The report format that should be used in Sarif Viewer is slightly different from the universal SARIF format. Therefore, when converting a report for VS Code, you should use a special SARIF format:

  • 'SarifVSCode' in PlogConverter.exe;
  • 'sarif-vscode' in plog-converter.

Below is an example of a command in PlogConverter.exe (Windows) to convert a PVS-Studio report to a SARIF format for Visual Studio Code:

PlogConverter.exe path\to\report.plog -t SarifVSCode ^
                                      -o output\directory ^
                                      -n converted_report_name

An example of a command in plog-converter (Linux/macOS) to convert a PVS-Studio report to a SARIF format for Visual Studio Code:

plog-converter path/to/report/file.json -t sarif-vscode \
                                        -o output/directory \
                                        -n converted_report_name

Note. These utilities can convert a PVS-Studio report into a universal SARIF format. This format can be used in Sarif Viewer, but navigation through additional warning positions will not work.

If paths in the report start with the '|?|' mark, they need to be converted to absolute. Without this, the navigation through warnings won't work. Use the 'r' flag to replace the mark with the part of the path.

Example of a command to convert a report to SARIF format with the conversion of paths to absolute:

PlogConverter.exe path\to\report.plog -t SarifVSCode ^
                                      -o output\directory ^
                                      -n converted_report_name ^
                                      -r path\to\project\folder

How to view the PVS-Studio report in VS Code

To open a report in a SARIF format, use menu items 'File > Open File':

VisualStudioCode/image3.png

You can also open the report from the file explorer. To do this, use the 'Open with Code' command from the context menu:

VisualStudioCode/image4.png

After the report is downloaded, a separate tab will open:

VisualStudioCode/image5.png

The plugin window has several tabs for grouping warnings:

  • Locations — groups warnings by files;
  • Rules — groups warnings by rules;
  • Logs — groups warnings by the SARIF report files.

On the top right, there are several elements in the tab added by the plugin:

  • the 'Collapse All' / 'Expand All' button. Collapses or expands all warning nodes;
  • the 'Open Log' button. Opens a new/another SARIF report;
  • a text filter field with a button.

A text filter allows filtering warnings from the report by any text that is displayed in the table with a list of warnings. For example, by the text of the warning message, as well as by the full or partial file name:

VisualStudioCode/image6.png

Click on the filter icon to open a menu with additional warning filters and checkboxes for hiding/displaying the 'BaseLine', 'Suppression', and 'Rule' columns:

VisualStudioCode/image7.png

The 'INFO' tab displays information about the selected warning:

VisualStudioCode/image8.png

If you click on a warning, the corresponding file opens on the line to which it was issued. The string is underlined by a wavy line of one of the three colors. Each color indicates the warning's certainty level and corresponds to one of the levels in the additional filters:

  • Red: High — Error;
  • Yellow: Medium — Warning;
  • Blue: Low — Note.
VisualStudioCode/image9.png

One warning may relate to several positions in code. In this case, several lines will be displayed in the 'INFO' tab next to the Locations label:

VisualStudioCode/image11.png

Positions can point to lines in one or more files. This makes it easier to understand the warning. Click on the text with the description of the position to open the specified file on the line associated with the position.