PVS-Studio PVS-Studio Details

Basic Information

PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in C, C++, C# and Java. It works under 64-bit systems in Windows, Linux and macOS environments, and can analyze source code intended for 32-bit, 64-bit and embedded ARM platforms.

Tool first release date

2009-07-27

Version release date

2022-02-10

Software cost

Free, Paid

Software license

Proprietary

Hosting

Self-Hosted

Supported operating systems

macOS, Linux, Windows

Tool website

https://pvs-studio.com

Process Integration

PVS-Studio and Continuous Integration: https://www.viva64.com/en/m/0005/

Deployment model

Workstation, CI Server, Standalone Server

Analysis inputs

Source code

Display results in IDE

CLion, Eclipse, IntelliJ IDEA, Visual Studio, VS Code

Live analysis & feedback while coding in IDE

CLion, Eclipse, Visual Studio, VS Code

Pre-commit invocation from workstation

CI Integration

Jenkins, MSBuild, Team Foundation Server, TeamCity

Able to analyze incremental changes to code (commit, patch, pull request)

Can schedule scans

API method to report results in SARIF format

API method to report results in XML/JSON/CSV format

Coverage

Claimed CWE coverage notes

https://pvs-studio.com/ru/pvs-studio/sast/

Supported programming languages

C, C#, C++, Java

Claimed Weakness Coverage

Checker Customization

Can disable checkers

Can customize checker logic

First-class API to create new checkers

Speed & Scalability

Speeding up the analysis of C/C++ code through distributed build systems (IncrediBuild): https://www.viva64.com/en/m/0041/

Parallelizes on one host

Parallelizes across more than one host

Results Quality

Provides explanation of warning

Provides severity of warning

Provides confidence information about warning

Provides code context around warning

Provides control flow context for warning

Provides data flow context for warning

Provides code coverage information per checker

Reporting

Results suppression even after code changes

Show differences in results set to previous scan

Two-way data sync with external remediation bug tracker

Graphical user interface (GUI)

Filter results by compliance standard

CWE All, MISRA C (2012), MISRA C++ (2008), OWASP Top Ten (2017)

Centralized reporting

Support

Team License: E-mail reply within 48 hours
Enterprise License: E-mail reply within 24 hours

Installation guide or documentation

User/operator guide or documentation

Integration guide or API documentation