Get to Know the VSTS Native C/C++ Code Analyzer

With all the attention given to Team Foundation Server lately, I haven’t spent much time keeping up with Team Suite and its constituent features. This article by Nick Wienholt takes a brief look at the C/C++ native code analysis tools found in Team Suite and Team Edition for Developers.

The key to real security is to have multiple layers of defense. Relying solely on runtime library improvements to guard against coding patterns that can lead to buffer overruns and other security vulnerabilities is not sufficient. This article examines the Static Code Analyzer that ships with Visual Studio Team System (VSTS), Developer Edition, and explains how it can detect common security issues in native C/C++ code.

From: Get to Know the VSTS Native C/C++ Code Analyzer
Via: Eric Jarvi's blog
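As an added example (not from Wienholt's article and not the analyzer's own documentation), here is the fixed-buffer copy pattern that the "buffer overruns" mentioned above refers to, written as the unchecked "before" beside a bounded "after" of the kind a static analyzer is meant to steer you toward. The record format, NAME_MAX and the function names are constructed for illustration; which specific warning the VSTS analyzer reports for the unchecked version is not stated on this page.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* hypothetical fixed-size field */

typedef struct { char name[NAME_MAX]; } record_t;

/* Constructed wire format: one length byte followed by that many name bytes. */
static const unsigned char rec_good[]     = {5, 'a', 'l', 'i', 'c', 'e'};
static const unsigned char rec_too_long[] = {200, 'x'};   /* length byte lies */
static const unsigned char rec_empty[]    = {0};

/* Unsafe "before": trusts the length byte, so a value >= NAME_MAX writes past
 * out->name. This is the coding pattern a static analyzer is meant to flag. */
int parse_record_unchecked(record_t *out, const unsigned char *buf)
{
    size_t n = buf[0];
    memcpy(out->name, buf + 1, n);
    out->name[n] = '\0';
    return 0;
}

/* Bounded "after": the copy is checked against both the destination size and
 * the bytes actually present in the input. Returns 0 on success, -1 on reject. */
int parse_record_bounded(record_t *out, const unsigned char *buf, size_t buf_len)
{
    size_t n;
    if (buf_len < 1) return -1;          /* no length byte at all */
    n = buf[0];
    if (n >= NAME_MAX) return -1;        /* would not fit with the terminator */
    if (n > buf_len - 1) return -1;      /* length byte exceeds the payload */
    memcpy(out->name, buf + 1, n);
    out->name[n] = '\0';
    return 0;
}

record_t g_rec;   /* scratch record used by the demo */

int main(void)
{
    int rc = parse_record_bounded(&g_rec, rec_good, sizeof rec_good);
    printf("good record: rc=%d name=%s\n", rc, g_rec.name);
    rc = parse_record_bounded(&g_rec, rec_too_long, sizeof rec_too_long);
    printf("lying length byte: rc=%d (rejected)\n", rc);
    return 0;
}
```

On a Visual Studio Team System install the same file can be compiled with `cl /analyze` to see what the analyzer reports for the unchecked function.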


Comments (1)

  1. confused says:

    it would be nice if the stupid thing wasn’t full of false positives.


    // some header
    struct foo {
      int name;
    };

    // some source file
    int bar(int name)
    {
      return name;
    }


    generates a warning about the first "name" being hidden in function bar by the scoping of the second "name".

    Makes it hard to trust a tool like this if you want to fix an old, large codebase. Are you going to end up spending your time on false positives or on real bugs?
