Updates to Warning Suppressions in Microsoft C++ Code Analysis


Microsoft C++ Code Analysis is a powerful static analysis tool integrated into Visual Studio that helps you identify and fix potential issues in your C++ code. Large projects require effective management of analysis warnings to maintain code quality, and you sometimes need to suppress warnings, but must do so in a clear and auditable way.

To that end, we are excited to announce significant updates to the warning suppression mechanisms in Microsoft C++ Code Analysis. These enhancements provide better tracking, justification, and overall management of warning suppressions, leading to a more maintainable and robust codebase.

What's New in the SARIF Output?

We enhanced the Static Analysis Results Interchange Format (SARIF) output to include detailed information about warning suppressions, most notably the justification provided by you. This allows teams to easily review why a specific warning was silenced.

To generate a SARIF file, use the /analyze:log:format:sarif compiler option. To ensure that details about suppressed warnings (including their justifications) are included in this SARIF log, you must also use the /analyze:log:includesuppressed option.

What's New in gsl::suppress?

We have updated our support for gsl::suppress to align with the latest C++ Core Guidelines syntax. Warnings can now be suppressed by using the gsl::suppress attribute in the following way:

```cpp
[[gsl::suppress("<warning-id>", justification: "<justification>")]]
```

Where <warning-id> is the ID of the warning you want to suppress, and the optional <justification> is a string that provides a justification for the suppression.

For now, [[gsl::suppress]] is only available for C++ codebases. For C codebases, you must use the #pragma warning(suppress) syntax.

Example:

```cpp
// CoreCheckExample.cpp
// Add CppCoreCheck package and enable code analysis in build for warnings.

int main()
{
    int arr[10];  // warning C26494
    int* p = arr; // warning C26485

    [[gsl::suppress("bounds.1", justification : "This attribute suppresses Bounds rules #1")]]
    {
        int* q = p + 1; // warning C26481 (suppressed)
        p = q++;        // warning C26481 (suppressed)
    }
    return 0;
}
```

What's New in #pragma warning?

We have extended #pragma warning to support the justification field. Here is how you can use it starting in Visual Studio 2022 version 17.14:

```cpp
#pragma warning(suppress : <warning-id>, justification : "<justification>")
```

Where <warning-id> is the ID of the warning you want to suppress, and the optional <justification> is a string that provides a justification for the suppression.

Choosing Between #pragma warning and gsl::suppress

Both #pragma warning(suppress) and [[gsl::suppress]] offer fine-grained control over warning suppression.

- #pragma warning(suppress) is a general MSVC mechanism that can be used for any compiler warning. It's particularly useful when you need to suppress a warning in a specific code block without altering the code's structure significantly.
- [[gsl::suppress]] will only suppress warnings emitted by Microsoft C++ Code Analysis. It is intended for use with the C++ Core Guidelines checks and can be applied to a scope or a specific declaration.

Whenever possible, we recommend using [[gsl::suppress]] for suppressing Microsoft C++ Code Analysis warnings.

Why These Updates Matter

These enhancements to warning suppression offer several key benefits:

- Improved Auditability and Review: With justifications recorded directly in the code and optionally in SARIF logs, code reviews become more effective. Team members can quickly understand the rationale behind a suppression without needing to consult external documentation or the original author.
- Enhanced Code Maintainability: Clear justifications prevent accidental re-introduction of issues when code is refactored or suppressions are reviewed. They provide a history of why certain warnings were deemed acceptable at a particular point.
- Better Management of Technical Debt: Suppressed warnings can be a form of technical debt. Justifications help in tracking and prioritizing which suppressions should be revisited and potentially fixed.
- Consistency Across Suppression Mechanisms: By adding justification support to both #pragma warning and gsl::suppress, we provide a consistent experience for you. This allows old code to use #pragma warning while new code can use [[gsl::suppress]], all while maintaining the ability to provide justifications.

Impact on Existing Workflows

These new features are additive. Existing suppression mechanisms (without justifications) will continue to work as before. However, we encourage you to start using the justification attribute for new suppressions and to gradually update existing ones where clarity is beneficial. There is no automatic migration, but the process of adding justifications is straightforward.

Availability

These enhancements are available in the MSVC compiler toolset shipping with Visual Studio 2022 version 17.14 and newer, and will be part of future Visual Studio releases. Ensure your Visual Studio is updated to leverage these improvements.

Try It Out

```cpp
// example.cpp
// Compile with: cl /analyze:only /analyze:plugin EspxEngine.dll /analyze:log:format:sarif /analyze:log:includesuppressed example.cpp

int main()
{
    int arr[10];  // warning C26494
    int* p = arr; // warning C26485

    [[gsl::suppress("bounds.1", justification : "This attribute suppresses Bounds rules #1")]]
    {
        int* q = p + 1; // warning C26481 (suppressed)
        p = q++;        // warning C26481 (suppressed)
    }
    return 0;
}
```

You can run the above code with the following options: /analyze /analyze:log:format:sarif /analyze:log:includesuppressed to generate a SARIF file that includes the suppression details.

(Note: EspxEngine.dll is the plugin that enables C++ Core Guidelines checks, which are the target of gsl::suppress.)

```
> cl /analyze:only /analyze:plugin EspxEngine.dll /analyze:log:format:sarif /analyze:log:includesuppressed .\example.cpp
Microsoft (R) C/C++ Optimizing Compiler Version 19.50.35305.95 for x64
Copyright (C) Microsoft Corporation. All rights reserved.

example.cpp
D:\tmp\example.cpp(7) : warning C26485: Expression 'arr': No array to pointer decay (bounds.3).
D:\tmp\example.cpp(6) : warning C26494: Variable 'arr' is uninitialized. Always initialize an object (type.5).
```

You will also find a file named example.nativecodeanalysis.sarif, which you can open with VS Code (don't forget to install the latest version of the SARIF Viewer extension). After filtering to include suppressed warnings, you will see the warning details, which include the suppression information. Here is an example of what you will see:

(screenshot of the SARIF Viewer omitted)

Feedback

We would love to hear your thoughts on the new changes to warning suppressions! Please share your feedback and suggestions in the comments below. If you run into any issues, please let us know by filing a feedback ticket on Visual Studio Developer Community.
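To act on the suppression details that /analyze:log:includesuppressed writes into the SARIF log, here is an added example that is not code from the post or from Microsoft: a small Python audit that lists each suppressed warning with its justification and flags suppressions that carry none, so reviewers can gate on them. It assumes results follow the SARIF 2.1.0 `suppressions` array with an optional `justification` field; the sample log is constructed for the example, not captured from cl.exe.

```python
import json

# Constructed sample following the SARIF 2.1.0 result/suppressions schema
# (not captured cl.exe output; a real example.nativecodeanalysis.sarif may differ).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "Microsoft C++ Code Analysis"}},
        "results": [
            {"ruleId": "C26481", "message": {"text": "pointer arithmetic (bounds.1)"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "example.cpp"},
                                                 "region": {"startLine": 9}}}],
             "suppressions": [{"kind": "inSource",
                               "justification": "This attribute suppresses Bounds rules #1"}]},
            {"ruleId": "C26481", "message": {"text": "pointer arithmetic (bounds.1)"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "example.cpp"},
                                                 "region": {"startLine": 10}}}],
             "suppressions": [{"kind": "inSource"}]},  # suppressed, but no justification
            {"ruleId": "C26494", "message": {"text": "variable 'arr' is uninitialized (type.5)"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "example.cpp"},
                                                 "region": {"startLine": 6}}}]},
        ],
    }],
})


def _location(result):
    """Return 'uri:line' for the result's first physical location, or '?'."""
    try:
        phys = result["locations"][0]["physicalLocation"]
        return f'{phys["artifactLocation"]["uri"]}:{phys["region"]["startLine"]}'
    except (KeyError, IndexError):
        return "?"


def audit_suppressions(sarif_text):
    """Bucket results as active, justified or unjustified: (ruleId, location, justification)."""
    report = {"active": [], "justified": [], "unjustified": []}
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            rule, loc = result.get("ruleId", "?"), _location(result)
            # Suppressed = non-empty 'suppressions'; justified = some entry has non-blank text.
            sups = result.get("suppressions") or []
            why = next((s.get("justification", "").strip() for s in sups
                        if s.get("justification", "").strip()), None)
            bucket = "active" if not sups else ("justified" if why else "unjustified")
            report[bucket].append((rule, loc, why))
    return report
```

Failing a build when `audit_suppressions(...)["unjustified"]` is non-empty turns the justification field from a convention into a checked policy.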