PVS-Studio static code analyzer
PVS-Studio is a powerful static source code analysis solution for bug detection in C, C++, C# and Java projects on Windows, Linux and macOS. It is intended for use in detecting and fixing safety, security and quality issues in code, before they turn into vulnerabilities, crashes, or painful debugging.
To get the trial license please follow PVS-Studio Download Page and fill the form. We'll send you the trial license shortly.
What is PVS-Studio?
PVS-Studio is a full-fledged static code analyzer that allows the checking of C, C++ (including C++/CLI), C# and Java code on Windows, Linux and macOS.
This powerful tool is able to find such errors as copy-paste, misprints, buffer overrun, uninitialized variables, SQL injections, potential XSS vulnerabilities, and many more.
What makes it unique?
It significantly saves time and nerves, as it is especially useful in looking for misprints which can take a programmer weeks to find.
PVS-Studio is easy to install and use, without the need to deploy a complex maintenance environment.
PVS-Studio has up to 700 pages of documentation providing explanations of the root of each problem, and recommendations of the way to fix said issues.
Available options include checking the entire solution or integrating it with the build system via continuous integration - this makes it a flexible development tool that meets personal needs.
PVS-Studio will quickly pay back its cost in increased code quality and reduced development time.
- Automatic (incremental) analysis of individual files right after their recompilation in IDE.
- Intuitive interface - easy navigation along the warnings issued for the code. Everything you need is at your fingertips - warnings sorted by severity level, highlighted code fragments which require additional revision, and quick access to the documentation. PVS-Studio documentation suggests ways of how to fix the detected error.
- Great scalability - PVS-Studio supports multi-core and multi-processor systems with the ability to specify the number of cores to use; can be used together with Incredibuild.
- Baselining analysis results - suppression of "old" messages on the existing code, so that the analyzer issues 0 warnings for it. This allows to integrate static analysis easily at any point of the development lifecycle. It is especially helpful in case you need to check only newly written code fragments.
- Interactive filtering of the analysis results (log file) in PVS-Studio IDE/Standalone window: the issued warnings are sorted by diagnostic number, file name, the word in the text of the diagnostic, plus the ability to exclude files from the analysis by name, folder, or mask.
- Automatic notification of developers. The Blame Notifier tool allows you to send e-mail notifications to the developers about bugs that PVS-Studio found during a night run based on the blame information from version control system.
- Analysis of commits, merge and pull requests - analyzer can be configured to analyze only the modified files. This allows to quickly and automatically analyze every commit to version control system.
- Suppress false positives - use code markup to suppress a certain diagnostic in a particular code fragment.
- Ability to do nightly checks - the analyzer does the scanning during the night, and provides you with the completed result in the morning.
- Analysis from command line: helps integrate PVS-Studio into nightly builds, CI/CD services.
- Portability of analysis results - view analysis results on different machines thanks to the use of relative paths.
- Compiler Monitoring for C and C++ - analysis of projects that have no Visual Studio project files (.sln/.vcxproj). In case of the monitoring functionality not being enough, there is the capability of integrating PVS-Studio in Makefile-based (or any other) build system directly.
- Static Application Security Testing (SAST) - the analyzer provides mappings for its warnings to Common Weakness Enumeration, SEI CERT Coding Standards, OWASP Top 10, and supports OWASP ASVS standard.
- Safety - PVS-Studio supports such safety standards as MISRA C, MISRA C++, AUTOSAR C++ Coding Guidelines. Analyzer also provides a way to generate MISRA Compliance report.
- Integration with SonarQube - an open-source platform, designed for continuous analysis and measurement of code quality.