Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Votre message a été envoyé.

Nous vous répondrons à

Si vous n'avez toujours pas reçu de réponse, vérifiez votre dossier
Spam/Junk et cliquez sur le bouton "Not Spam".
De cette façon, vous ne manquerez la réponse de notre équipe.

VSCode: how to view reports of static a…

VSCode: how to view reports of static analyzers that support SARIF

09 Aoû 2021

People increasingly start optimizing the process of finding code errors using static analyzers. Nowadays, we can choose from a variety of products to view analysis results. This post covers the ways how to view an analyzer report in the most stylish and feature-rich IDE among multifunctional ones – VSCode. The SARIF format and a special plugin for it allow us to perform our task. Keep reading to find out about this. Let's get going!


I wrote this article at the request of our reader who left a comment on the previous article about SARIF. These posts form some kind of an article series on SARIF :) So if interested to learn more where and how you can use this format (or anything else), then drop your wishes in comments.

What is SARIF?

SARIF (Static Analysis Results Interchange Format) is a JSON-based static analysis results exchange format for the output of static analysis tools. It is meant to interact with other tools: IDEs, integrated code checking analysis tools (such as SonarQube), continuous integration systems, etc.

That is, before this interchange format, static analyzers worked like this:


Each product has its own standard to adjust to. Agree, it's not very convenient. By introducing SARIF, we get a different picture:


In a perfect world, it's enough to get a report in this format. Next you can open\use it in any program\system that handles static analysis results.

How to get a SARIF report

SARIF is a unified format. You can get a SARIF report using different static analyzers and tools. In this case, we use the PVS-Studio analyzer and PlogConverter – the report format conversion utility. The PVS-Studio team develops both tools.

Checking the project

To get the SARIF report, I picked a simple and interesting example of a C# source code fragment to check:

using System;
using System.Collections.Generic;
using System.Linq;

namespace SarifTest
    class Program
        static void Main(string[] args)
            var start = Convert.ToInt64(args[0]);
            var end = Convert.ToInt64(args[1]);
            ToString(start, end);

        static string ToString(long start, long end)
            if (end == long.MinValue)
                if (start == long.MinValue)
                    return string.Format("[long.MinValue..long.MaxValue]", end);
                    return string.Format("[{0}..long.MaxValue]", start);
            else if (start == long.MinValue)
                return string.Format("[long.MinValue..{0})", end);
                return string.Format("[{0}..{1})", start, end);

        static int Formula42(int? coefficientA, int? coefficientB)
            var data = new List<int>();
            if (coefficientA != null)
            else if (coefficientB != null)
            return data.SingleOrDefault();

        static private int Formula42(int coefficient)
            return coefficient;

        static int CrazyCalculations()
            var value = 10;
            value = value++;
            return value;

By the way, one of the errors in this example is based on the real error from the ILSpy project.

We use the PVS-Studio analyzer for the check. Using the "PVS-Studio_Cmd.exe" console utility, we start the analysis by running the command:

"C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" \
-t "D:\Use_SARIF_Example\BestProjectCpp.sln" \
-o "D:\Use_SARIF_Example\results.plog"

Let's consider the command line in detail. The "-t" flag is required. It allows you to specify an object to check (sln or csproj/vcxproj file). The "-o" flag is responsible for the path to the file where the analysis results are written.

I forgot to mention that the analyzer requires a license to work. If you don't have it, you can get a trial version by clicking here.

We now have an output report in the PVS-Studio analyzer format. This is an output file with the ".plog" extension. We need to convert it to the SARIF format. For this, we use the PlogConverter utility.

Converting Plog to SARIF

PlogConverter is an open-source utility designed to convert PVS-Studio analyzer reports from one format to another. It is described in more detail in the documentation.

Let's convert the analyzer report to the SARIF format.

"C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" \
"D:\Use_SARIF_Example\results.plog" \
-o "D:\Use_SARIF_Example" -t sarif -n results

That's it, now we have the report. We can move on to setting up VSCode.

Basics of plugin installation in Visual Studio Code

Visual Studio Code is a lightweight, free, cross-platform code editor that provides ample customization opportunities. The editor is a kind of constructor that we build using plugins. That is, if we need to write a program in C#, we just download the appropriate plugin. You can do it like this:

  • open VSCode;
  • find Extensions on the left;
  • write what you need in the search line (in our example, it's C#);
  • select the necessary plugin from displayed ones. Choose the plugin by its rating, number of downloads and description;
  • to download, click the install button, which is either in the description window or in the plugin list window to the right of the name;
  • sometimes additional customization may be required. Each plugin has individual settings, so be sure to read the description.

It looks as follows:


If you don't like the plugin you downloaded, you can disable it or delete. It takes a couple of clicks to do this:

  • open Extensions;
  • in the search bar, enter the name of the plugin you want to delete;
  • click on it and find Disable and Uninstall buttons in the opening window with the description above;
  • click the button according to what you need to do.

It looks like this:


SARIF plugin for Visual Studio Code

Plugin installation

The plugin for working with SARIF reports can be installed in the same way as the installation of any other plugin. If you don't know how it's done, check out the section above.

As for VSCode, I recommend and use the "SARIF Viewer" plugin. Its installation does not require any additional settings.

Loading a report to the plugin

Working with the plugin is simple. To begin with, you need to load the report. There are several ways to do this. The first is to choose your SARIF file, right click and select "open with VSCode".


The second way is to open VSCode and open the SARIF file from it.


Third option. Open VSCode, find the Show All Commands bar (Ctrl + Shift + P by default). In the opening window enter sarif and select "SARIF: Show Panel"


In the opening window click "Open SARIF log" and select the SARIF file.

That's it. This was the most difficult part. The report is loaded, and you can start viewing warnings.

Plugin features

After you've loaded the report, you see the following:


Let's cover them one at a time.

The LOCATIONS menu is a list of warnings grouped by file:


When you click on a message, you move to a problem spot in the code.


Note that all trouble spots are already highlighted with a wavy line. When you hover the cursor over this line, you see a description of the problem.


We can also shift between warnings using a shortcut (Alt + F8).


Next, we have the RULES menu. We can view the same messages in it, but grouped by diagnostic rules:


Clicking the message also lets you jump to the code.

The LOGS tab shows opened reports.


Ok, we've looked at all tabs. Please also note that each rule has a description at the bottom:


Click on the diagnostic code ("Rule Id" content) to switch to the documentation for this warning.



As you can see, the SARIF format allows us to simply and quickly use one more ready-made tool and get the result. Pretty convenient, right?

As for the plugin, I think it's a decent option for viewing static analyzer warnings. Perhaps in the future we'll write our own plugin with blackjack, bells and whistles (as we did recently for CLion). Until then, if you need\want to view static analyzer reports via the VS Code, give this product a try.

Thanks for reading!

Popular related articles
What's new in PVS-Studio in 2021?

Date: 31 Déc 2021

Author: Maxim Stefanov, Oleg Lisiy, Sergey Vasiliev

2021 is coming to an end, which means it's time to sum up the year! Today we'll tell you about the new features we added to PVS-Studio in the past year. Buckle up and let's go!
How to get nice error reports using SARIF in GitHub

Date: 09 Fév 2021

Author: Evgeniy Ovsyannikov, Nikolay Mironov

Let's say you use GitHub, write code, and do other fun stuff. You also use a static analyzer to enhance your work quality and optimize the timing. Once you come up with an idea - why not view the err…
PVS-Studio is now in Chocolatey: checking Chocolatey under Azure DevOps

Date: 13 Fév 2020

Author: Vladislav Stolyarov

We continue making the use of PVS-Studio more convenient. Our analyzer is now available in Chocolatey, the package manager for Windows. We believe this will make it easier to deploy PVS-Studio, parti…
PVS-Studio in the clouds: Azure DevOps

Date: 13 Sep 2019

Author: Ilya Gainulin, Oleg Andreev

This is a second article, which focuses on usage of the PVS-Studio analyzer in cloud CI-systems. This time we'll consider the platform Azure DevOps - a cloud CI\CD solution from Microsoft. We'll be a…
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio

Date: 29 Mar 2017

Author: Sergey Khrenov

In November 2016, we posted an article about the development and use of the PVS-Studio plugin for SonarQube. We received great feedback from our customers and interested users who requested testing t…

Comments (0)

Next comments
Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus