Static analysis is important to perform regularly, but what if it takes an eternity for a whole project? The article addresses this question and provides step-by-step recipes for handling...
We all know the risks that vulnerabilities pose: application crashes, data loss, or privacy breaches. In this article, we'll look at examples that illustrate the core aspects of an approach...
How often does your static analyzer struggle to identify the source code nuances? It probably happens more often than you'd like, doesn't it? In the article, our team shares how we've dealt with...
Viktoria Pelipenko, Kirill Epifanov, Konstantin Volohovsky
Static analysis is a robust tool that helps developers to control code quality. Let's try to develop a simple analyzer for Lua using Java and see what's under the static analyzer...
In most cases, you can solve a task in an intuitive, procedural way. However, the simplest option isn't always the best. I invite you to take a look at a real-world example of transforming a...
This is a review article on what technologies underlies the work of static code analyzers. The article covers pattern-based analysis, data flow analysis, symbolic execution, taint checking...
SAST and DAST are two different approaches used to search for errors and vulnerabilities in the code. It's better not to choose one or the other but apply both methods. Let's discuss the pros...
Static code analysis is valuable because it helps detect errors in the early stages of development. However, it is not omnipotent and there are a number of limitations that prevent it from...
Here we'll discuss how SAST solutions find security flaws. I'll tell you about different and complementary approaches to detecting potential vulnerabilities, explain why each of them is...
This is the second article about related variables and how the PVS-Studio analyzer deals with them. This time, let's talk about how we enhanced the mechanism we created, and what problems of...
