To generate a SARIF file, use the We have updated our support for Where For now, Example:<\/p>\n We have extended Where Both Whenever possible, we recommend using These enhancements to warning suppression offer several key benefits:<\/p>\n These new features are additive. Existing suppression mechanisms (without\njustifications) will continue to work as before. However, we encourage you to\nstart using the These enhancements are available in the MSVC compiler toolset shipping with Visual\nStudio 2022 version 17.14 and newer, and will be part of future Visual Studio releases.\nEnsure your Visual Studio is updated to leverage these improvements.<\/p>\n You can run the above code with the following options:\n You will also find a file named We would love to hear your thoughts on the new changes to warning suppressions! Please\nshare your feedback and suggestions in the comments below. If you run into any issues,\nplease let us know by filing a feedback ticket on\nVisual Studio Developer Community<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" Improvements to \\#pragma warning and gsl::suppress in Microsoft C++ Code Analysis.<\/p>\n","protected":false},"author":169849,"featured_media":35994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[270,1],"tags":[119],"class_list":["post-35604","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-cplusplus","tag-code-analysis"],"acf":[],"blog_post_summary":" Improvements to \\#pragma warning and gsl::suppress in Microsoft C++ Code Analysis.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/35604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/users\/169849"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/comments?post=35604"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/35604\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media\/35994"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media?parent=35604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/categories?post=35604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/tags?post=35604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\/analyze:log:format:sarif<\/code> compiler option. To ensure\nthat details about suppressed warnings (including their justifications) are included in\nthis SARIF log, you must also use the \/analyze:log:includesuppressed<\/code> option.<\/p>\nWhat’s New in
gsl::suppress<\/code>?<\/h2>\ngsl::suppress<\/code> to align with the latest C++ Core\nGuidelines syntax. Warnings can now be suppressed by using the gsl::suppress<\/code> attribute\nin the following way:<\/p>\n[[gsl::suppress( \"<warning_id>\", justification: \"<justification>\" )]]<\/code><\/pre>\n<warning_id><\/code> is the ID of the warning you want to suppress, and the optional\n<justification><\/code> is a string that provides a justification for the suppression.<\/p>\n[[gsl::suppress]]<\/code> is only available for C++ codebases. For C codebases, you\nmust use the #pragma warning(suppress)<\/code> syntax.<\/em><\/p>\n\/\/ CoreCheckExample.cpp\r\n\/\/ Add CppCoreCheck package and enable code analysis in build for warnings.\r\n\r\nint main()\r\n{\r\n int arr[10]; \/\/ warning C26494\r\n int* p = arr; \/\/ warning C26485\r\n\r\n [[gsl::suppress(\"bounds.1\", justification : \"This attribute suppresses Bounds rules #1\")]]\r\n {\r\n int* q = p + 1; \/\/ warning C26481 (suppressed)\r\n p = q++; \/\/ warning C26481 (suppressed)\r\n }\r\n\r\n return 0;\r\n}<\/code><\/pre>\nWhat’s New in
#pragma warning<\/code>?<\/h2>\n#pragma warning<\/code> to support the justification<\/code> field. Here is how\nyou can use it starting in Visual Studio 2022 version 17.14:<\/p>\n#pragma warning(suppress : <warning_id>, justification : \"<justification>\")<\/code><\/pre>\n<warning_id><\/code> is the ID of the warning you want to suppress, and the optional\n<justification><\/code> is a string that provides a justification for the suppression.<\/p>\nChoosing Between
#pragma warning<\/code> and gsl::suppress<\/code><\/h2>\n#pragma warning(suppress)<\/code> and [[gsl::suppress]]<\/code> offer fine-grained control over\nwarning suppression.<\/p>\n\n
#pragma warning(suppress)<\/code> is a general MSVC mechanism that can be used for any\ncompiler warning. It’s particularly useful when you need to suppress a warning in a\nspecific code block without altering the code’s structure significantly.<\/li>\n[[gsl::suppress]]<\/code> will only suppress warnings emitted by Microsoft C++ Code\nAnalysis. It is intended for use with the C++ Core Guidelines checks and can be applied\nto a scope or a specific declaration.<\/li>\n<\/ul>\n[[gsl::suppress]]<\/code> for suppressing Microsoft C++\nCode Analysis warnings.<\/p>\nWhy These Updates Matter<\/h2>\n
\n
#pragma warning<\/code> and gsl::suppress<\/code>, we provide a consistent experience for you. This\nallows old code to use #pragma warning<\/code> while new code can use [[gsl::suppress]]<\/code>, all\nwhile maintaining the ability to provide justifications.<\/li>\n<\/ul>\nImpact on Existing Workflows<\/h3>\n
justification<\/code> attribute for new suppressions and to gradually update\nexisting ones where clarity is beneficial. There is no automatic migration, but the\nprocess of adding justifications is straightforward.<\/p>\nAvailability<\/h3>\n
Try It Out<\/h2>\n
\/\/ example.cpp\r\n\/\/ Compile with: cl \/analyze:only \/analyze:plugin EspxEngine.dll \/analyze:log:format:sarif \/analyze:log:includesuppressed example.cpp\r\n\r\nint main()\r\n{\r\n int arr[10]; \/\/ warning C26494\r\n int* p = arr; \/\/ warning C26485\r\n\r\n [[gsl::suppress(\"bounds.1\", justification : \"This attribute suppresses Bounds rules #1\")]]\r\n {\r\n int* q = p + 1; \/\/ warning C26481 (suppressed)\r\n p = q++; \/\/ warning C26481 (suppressed)\r\n }\r\n\r\n return 0;\r\n}<\/code><\/pre>\n\/analyze \/analyze:log:format:sarif \/analyze:log:includesuppressed<\/code> to generate a SARIF\nfile that includes the suppression details.\n(Note: EspxEngine.dll<\/code> is the plugin that enables C++ Core Guidelines checks, which are\nthe target of gsl::suppress<\/code>.)<\/p>\n> cl \/analyze:only \/analyze:plugin EspxEngine.dll \/analyze:log:format:sarif \/analyze:log:includesuppressed .\\example.cpp\r\nMicrosoft (R) C\/C++ Optimizing Compiler Version 19.50.35305.95 for x64\r\nCopyright (C) Microsoft Corporation. All rights reserved.\r\n\r\nexample.cpp\r\nD:\\tmp\\example.cpp(7) : warning C26485: Expression 'arr': No array to pointer decay (bounds.3).\r\nD:\\tmp\\example.cpp(6) : warning C26494: Variable 'arr' is uninitialized. Always initialize an object (type.5).<\/code><\/pre>\nexample.nativecodeanalysis.sarif<\/code>, you can open it with\nVSCode (don’t forget to install the latest version of the\nSARIF Viewer extension<\/a>).\nAfter filtering to include suppressed warnings, you will see the warning details which\ninclude the suppression information. Here is an example of what you will see:<\/p>\n![\"extension](\"https:\/\/devblogs.microsoft.com\/cppblog\/wp-content\/uploads\/sites\/9\/2025\/07\/extension_screenshot-scaled_v2.png\")
<\/a><\/p>\nFeedback<\/h2>\n