This press release is also a test of a new format: the main information is summarized. If you want more information — you can read sections with detailed description. Choose what you like more.
Security. We've covered all categories from the OWASP Top 10 2021: PVS-Studio has at least one diagnostic rule for each category. Also, PVS-Studio for C# now can search for dependencies with vulnerabilities — we've implemented software composition analysis (SCA).
Unreal Engine. The bug related to Unreal Engine's inability to find PVS-Studio by the default path is finally fixed. Starting from Unreal Engine 5.0.3. you you can analyze projects without any workarounds. We've also enhanced the analysis of UE projects: you'll see more true warnings and fewer false ones.
Cross-platform analysis for C and C++ projects. The pvs-studio-analyzer and CompilerCommandsAnalyzer utilities have been improved: now you can use them more conveniently. These utilities are described in the documentation.
Activities:
Get a trial version or download PVS-Studio 7.20 here. Subscribe to the newsletter so as not to miss our new releases and articles.
OWASP Top 10 2021: search for security weaknesses from all categories
In the 7.20 release we've covered the last category from the OWASP Top 10 2021 – A06. Now PVS-Studio can search for security defects from all categories listed in the OWASP Top 10.
There's a special page where you can see the diagnostic rules that search for issues from each category.
SCA: check dependencies of C# projects for vulnerabilities
The application may be vulnerable if it uses dependencies with vulnerabilities. To search for "malicious" dependencies, developers use software composition analysis (SCA) tools.
PVS-Studio for C# now can search for such dependencies too. If the analyzer finds a dependency with a vulnerability — it issues a warning.
Read more in the documentation for the V5625 diagnostic rule.
Unreal Engine: more true warnings, fewer false ones
Starting from Unreal Engine 5.0.3 you can analyze UE 5 projects without any workarounds. Before this update, some users reported that UE couldn't find PVS-Studio by the default path. Now the bug is fixed.
Besides, now PVS-Studio better understands code of Unreal Engine projects. The analyzer now issues less false positives and understands more about types native for the engine. For example, about analogues for containers from the C++ standard library.
Here's the documentation about analysis of Unreal Engine projects.
Cross-platform analysis of C and C++ projects: enhanced utilities, new documentation
We've enhanced our utilities for cross-platform analysis of C and C++ projects — pvs-studio-analyzer and CompilerCommandsAnalyzer. For example, they better determine the compiler used in a project. If these utilities failed to determine the compiler's type right, you can specify it manually (see the '‑‑compiler' flag).
You can find their use case scenarios, command-line flags, and exit codes in the new documentation section.
C, C++:
C#:
Newsletters of the new versions and article digests. Subscribe so as not to miss new articles and releases. Once a month we'll send you a digest of the most interesting articles and every two months — an email about our new release with the new analyzer features.
If you want to know how we created our newsletter, read this article.
Can you spot errors in the C# code? Prior to that, our challenge was for C++ developers only. Now we released the game version for C#!
Here's a quick tutorial:
Play: C# edition, C++ edition.
Share these links with your teammates — let them try to beat your score ;)
PVS-Studio quiz: Who you are in C++. A small entertaining quiz that will show you who you are in the C++ world. Want to distract from your tasks for a couple of minutes and relax? This quiz is a great option to do so.
Take the quiz here.
What to read. Some articles that we've published since the previous release:
Download PVS-Studio 7.20 here. Want to evaluate the analyzer? Get a trial key :).
A small question in the end: how do you find this press release format?
0