PVS-Studio as a SAST solution

PVS-Studio is included in the Forrester Research report "Now Tech: Static Application Security Testing, Q3 2020" as a SAST specialist. Adopting the Static Application Security Testing (SAST) methodology improves application security and helps reduce the impact of security flaws across the application lifecycle. Forrester Research is a leading emerging-technology research firm providing data and analysis that defines the impact of technology change on business. The report is available by purchase or with a Forrester Research subscription.

PVS-Studio helps improve code in three directions: quality, safety, and security.

Quality

No matter what software you develop, the code quality should be high, so that your clients encounter fewer problems and the project is easier and cheaper to develop.

The General Analysis diagnostics help find problems related to code quality. They detect:

  • array index out of bounds;
  • null pointer dereference;
  • incorrect function call;
  • synchronization problems;
  • and other defects.

You can find a list of the General Analysis diagnostics here.

Safety

Safety is especially important in software where defects may lead to serious consequences: the loss of millions of dollars or even human lives. Applications in the space industry, medicine, and mechanical engineering have high safety requirements and must contain no errors.

To write safe code, developers use special standards (for example, MISRA C, MISRA C++, AUTOSAR Coding Guidelines).

PVS-Studio detects non-compliance with these standards. Tables of PVS-Studio's diagnostics and how they correspond to the safety standards:

If you work with the MISRA standards, you may need the MISRA Compliance report. You can generate it with utilities from PVS-Studio. Read more here.

Security

Secure code is resistant to malicious attacks: SQL injections, XXE, XSS, and others. Security is important in applications that work with user data (banking software, web applications, etc.).

To make applications secure, teams use a secure software development life cycle (SSDLC). One of the life cycle stages is searching for security problems with SAST (static application security testing).

PVS-Studio is a SAST solution that searches for weaknesses and helps increase code security.

Tables that list PVS-Studio diagnostics and how they correspond to potential vulnerabilities and secure development standards:

The most dangerous and common weaknesses are listed in various tops. Find out how PVS-Studio helps fight these weaknesses:

Benchmark suites for testing code analyzers

Benchmarks help evaluate the abilities of static analyzers. A benchmark is a set of code fragments used to check whether the analyzer finds problems and whether it issues false positives.

PVS-Studio's coverage of benchmarks is as follows:

  • Toyota ITC Benchmarks: 49%. The evaluation method is here.