C++ Core Check code analysis is included with VS 2017

Visual Studio “15” Preview 5 now includes the C++ Core Guidelines Checkers. This means you no longer have to install the C++ Core Check package from NuGet to check your code against rules and profiles in the C++ Core Guidelines. Just configure Code Analysis to include the C++ Core Check extensions.

You can configure Code Analysis in the Solution or Project Property Pages. Either right click on the project or solution or select “Analyze->Configure Code Analysis” from the menu bar.


Find the Code Analysis entry on the bottom of the Property Page and select “Extensions”. Here you’ll find two options: one to enable the Released C++ Core Checks, and one to enable the Experimental Core Checks.


Release checks vs. Experimental checks

What’s the difference between the release checks and the experimental checks? The release checks are more robust. The warnings they find are higher confidence than the experimental checks, and the checker itself runs faster. Right now they include the first set of C++ Core Guidelines checks we released with VS 2015 Update 1 as well as some additional checks from the Guidelines.


The experimental checks include rules that are in development but can still be interesting to run against your code. These include the Lifetime checks we previewed in March 2016 as well as some other checks under development. Note that while most checks will move from “experimental” into “release” you shouldn’t rely on any of the checks in the experimental group. Some of these are prototypes that won’t ever make their way into the release group.


Future of the NuGet-based packages

Remember that if you’re using Visual Studio 2015 you’ll have to still have to install the C++ Core Check package from NuGet. This change is only for Visual Studio “15”, the next major version of Visual Studio. (Note that VS “15” != Visual Studio 2015. Each version of Visual Studio has two names: the internal name is a simple incrementing number, the external name is the year of its release. Visual Studio “15” happens to be in development while Visual Studio 2015 is the current released version but they are different releases. Visual Studio “15” will be rebranded with the year of its release–Visual Studio 2016, Visual Studio 2017, etc.)

The CppCoreCheck packages distributed through NuGet now will remain available for users of VS 2015. But in the future we’ll focus our efforts on the checkers built into Visual Studio. We’ve always required that you use the latest released VS update with the newest CppCore Check because there’s a tight coupling between the C++ compiler and the code analysis tools. Once Visual Studio “15” releases you can continue to use the existing NuGet packages with Visual Studio 2015 but if you want the newest checkers you’ll need to upgrade to Visual Studio “15”.

The tight coupling between the C++ compiler and code analysis tools means that when you bring an existing VS 2015 project to VS “15” you’ll have to move the project to use the newer platform toolset. You can easily do this by bringing up the Project Properties (by right-clicking on the project) and selecting “Platform Toolset” under the “General” category. Once you choose “Visual Studio 2016 (v141)” you should see the settings for Extensions in the Code Analysis section of the project property page.


Send us your feedback!

As always, we welcome your feedback. For problems, let us know via the Report a Problem option, either from the installer or the Visual Studio IDE itself. For suggestions, let us know through UserVoice. And you can always reach us through e-mail at cppcorecheck@microsoft.com.