0
Download PVS-Studio v7.28.78353.681 + License Key (Static Analyzer on Guard of Code Quality, Security (SAST), and Code Safety)

Download PVS-Studio v7.28.78353.681 + License Key (Static Analyzer on Guard of Code Quality, Security (SAST), and Code Safety)

Version: 7.28.78353.681
Product Release Date: December 25, 2023
Download Pvs-Studio V7.28.78353.681 + License Key (Static Analyzer On Guard Of Code Quality, Security (Sast), And Code Safety)
PVS-Studio is a tool to detect bugs and potential vulnerabilities in C, C++, C#, and Java source code on Windows, Linux, and macOS. It provides a plugin to import analysis results into SonarQube.
Add to your wishlist or like it:
0

PVS-Studio identifies bugs and potential vulnerabilities in C, C++, C#, and Java source code on Windows, Linux, and macOS.

PVS-Studio includes a plugin to import analysis results into SonarQube. The plugin allows importing warnings generated by the PVS‑Studio analyzer into the SonarQube server database.

PVS-Studio detects various errors – typos, dead code, and potential vulnerabilities (Static Application Security Testing, SAST).

It matches warnings to the Common Weakness Enumeration, SEI CERT Coding Standards and supports the MISRA standard.

PVS-Studio is part of the Forrester Research report “Now Tech: Static Application Security Testing, Q3 2020” as a SAST specialist. Adopting Static Application Security Testing (SAST) methodology improves application security and helps to reduce the impact of security flaws in the application lifecycle. Forrester Research is a leading emerging-technology research firm providing data and analysis that defines the impact of technology change on business.

When is it time to use the PVS‑Studio analyzer?

  • For a developer
    • You make occasional mistakes during development.
    • Debugging when searching for errors is time-consuming.
    • Errors get into the version control system.
    • Once an error is found by QA specialists, it isn’t easy to debug that code.
  • For a manager
    • Frequent returns to old tasks due to bugs
    • Users report errors in your products
    • You hire more developers but notice a code quality decline
    • With the increasing amount of code, it isn’t easy to assess its quality and reliability.
  • For a security professional
    • Difficulties with external code audit
    • Potential customers require the use of such tools
    • Clients require to use security and safety standards in the development.

Pvs-Studio

PVS-Studio Features:

  • Preprocessing C and C++ source files (based on compilation parameters) allow for expanding preprocessor directives, i.e., to include header files and substitute macros. The analyzer uses this feature to build the complete semantic model of the analyzed code.
  • The intermodular analysis enables the diagnostics to account for functions declared in other translation units.
  • The pattern-based analysis based on an abstract syntax tree searches for fragments in the source code that are similar to the known code patterns with an error.
  • Method annotations provide more information about the methods used than one can obtain by analyzing only their signatures.
  • Software composition analysis (SCA) looks for the application dependencies on components that contain vulnerabilities.
  • The data-flow analysis evaluates limitations imposed on variable values when processing various language constructs. For example, data-flow analysis helps evaluate values that a variable can take inside if/else blocks.
  • Type inference based on a semantic program model provides the analyzer with complete information about all variables and statements in the code.
  • Symbolic execution evaluates variables’ values that can lead to errors and checks the values’ range.
  • Tainted data analysis detects cases when an application uses unverified user data. Trusting such data excessively may cause vulnerabilities (for example, SQLI, XSS, and path traversal).