To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (an extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
USD
EUR
RUB
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
The Philosophy of Static Code Analysis:…

The Philosophy of Static Code Analysis: Three Simple Steps

Oct 09 2017

The philosophy of static code analysis is very simple. The earlier a bug is found, the cheaper it is to fix. Static analysis tools carry it out in three steps.

Step one. Simply start using static analysis, no matter how often. If you have never used it previously, once a month will do. Just make sure you do that. A bug found by you is cheaper to fix than one found by your customer.

Step two. Start running static analysis on the build server at night. Catching bugs daily rather than once in a while makes them cheaper to fix.

Step three. Have the static analysis tool installed on your developers' machines as well. Fixing bugs the next day after a night build is nice, but what if the developers could fix them before their code gets to the repository? Use the analyzer while writing the code so that you could immediately check only those files that have been modified during the last build.

Have a huge project? And get a pile of messages you can't cope with? Just ignore them! Mark these messages as irrelevant and you won't see them again. This allows you to start benefitting from static analysis right from the first day of use, as warnings will be issued only for freshly written or modified code.

Static analysis to replace other methodologies? Static analysis is not a cure-all! It can't replace unit testing or code review. Static analysis is an answer to the question: "What else can we do to make our code better?" What does it mean, "better"? It means that it's easier to maintain, develop, and fix. If your company's income depends on software code, you simply can't do without static code analysis.

Popular related articles
PVS-Studio evolution: data flow analysis for related variables

Date: Apr 28 2022

Author: Nikita Lipilin

Related variables are one of the main problems of static analysis. This article covers this topic and describes how PVS-Studio developers are fighting false positives caused by different relationship…
SAST in Secure SDLC: 3 reasons to integrate it in a DevSecOps pipeline

Date: Apr 19 2022

Author: Sergey Vasiliev

Vulnerabilities produce enormous reputational and financial risks. That's why many companies are fascinated by security and desire to build a secure development life cycle (SSDLC). So, today we're go…
PVS-Studio: static code analysis technology

Date: Jan 11 2022

Author: Andrey Karpov, Paul Eremeev

PVS-Studio provides static analyzers for C, C++, C# and Java languages on Windows, Linux and macOS platforms. PVS-Studio analyzers can vary slightly due to certain features that the languages have. H…
How to speed up building and analyzing of your project with Incredibuild?

Date: May 17 2021

Author: Maxim Zvyagintsev

"How much longer are you going to build it?" - a phrase that every developer has uttered at least once in the middle of the night. Yes, a build can be long and there is no escaping it. One does not s…
GTK: the first analyzer run in figures

Date: Jan 04 2021

Author: Svyatoslav Razmyslov

For some people, the introduction of a static analyzer into a project seems like an insurmountable obstacle. It is widely believed that the amount of analysis results issued after the first run is so…

Comments (0)

Next comments
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept