OWASP Top 10 2021: search for security weaknesses from all categories
In the 7.20 release we've covered the last category from the OWASP Top 10 – A06. Now PVS-Studio can search for security defects from all categories listed in the OWASP Top 10 2021.
There's a special page where you can see the diagnostic rules that search for issues from each category.
SCA: check C# project's dependencies for vulnerabilities
An application may be vulnerable if it uses dependencies that contain vulnerabilities. To find such dependencies, developers use software composition analysis (SCA) tools.
PVS-Studio for C# can now search for vulnerable dependencies too. If the analyzer finds a dependency with a vulnerability, it issues a warning.
Read more in the documentation for the V5625 diagnostic rule.
Unreal Engine: more true warnings, fewer false ones
The Unreal Engine developers fixed the engine's inability to find PVS-Studio by the default path. Starting from Unreal Engine 5.0.3, you can analyze projects without any workarounds.
PVS-Studio also understands the code of Unreal Engine projects better now. The analyzer issues fewer false positives and knows more about the engine's native types, for example, its analogues of the containers from the C++ standard library.
Cross-platform analysis of C and C++ projects: enhanced utilities, new documentation
We've enhanced the utilities for cross-platform analysis of C and C++ projects: pvs-studio-analyzer and CompilerCommandsAnalyzer. For example, they now determine the compiler used in a project more reliably. If these utilities fail to determine the compiler type correctly, you can specify it manually.
You can find their use case scenarios, command-line flags, and exit codes in the new documentation section.