PVS-Studio Unveils 2025 Achievements: Enhanced Code Analysis Tools and Expanded Tech Partnerships

Global - Ekhbary News Agency

PVS-Studio Unveils 2025 Achievements: Enhanced Code Analysis Tools and Expanded Tech Partnerships

PVS-Studio, a leading provider of static code analysis tools, has revealed its comprehensive summary for 2025, outlining a series of significant advancements that solidify its position in the software security market. These accomplishments include substantial improvements to development environment plugins, the formation of strategic technological partnerships with ASOC (Application Security Orchestration and Correlation) systems, and the introduction of a robust suite of new diagnostic rules. These rules are specifically designed to ensure code compliance with critical industry standards such as OWASP and MISRA. These developments, as reported to CNews by PVS-Studio representatives, underscore the company's unwavering commitment to innovation and delivering advanced, effective code analysis solutions.

The year 2025 saw an intensive focus on bolstering the core analytical capabilities of the product. For the C and C++ analyzers, a brand-new code parser was launched, leading to significant enhancements in the analysis and parsing of language constructs and the standard library. Oleg Lysy, Head of the C and C++ Analyzer Development Department, commented, "2025 has been marked by crucial technological improvements in our C and C++ analyzer. We have laid the foundation for supporting new language standards and advancing data flow and taint analysis." The changes made to the taint analysis mechanism throughout the year have resulted in a notable increase in the number of cases where the analyzer can identify potential vulnerabilities, significantly empowering developers to build more secure software.

Development was not limited to C and C++; the C# analyzer also received substantial upgrades. The ability to account for tainted data was integrated, enabling the detection of a wider array of errors, such as array out-of-bounds access, overflow detection, and potential division by zero. Furthermore, the analysis of code blocks with a large number of variable identifiers (500 or more) was optimized. Previously, such scenarios could lead to analyzer slowdowns. These improvements ensure a smoother and more efficient analysis experience for developers working with C#.

PVS-Studio also dedicated efforts to enhancing and refining its foundational diagnostic rules. Support for new language constructs was added, and the mechanisms within PVS-Studio for identifying code issues were improved. Crucially, the final release of 2025 introduced support for analyzing projects built on the latest .NET 10 version, ensuring the analyzer's compatibility with cutting-edge development technologies. Artem Rovensky, Head of the C# Analyzer Development Department, emphasized this direction, stating, "In 2025, we dedicated time to creating specialized diagnostic rules for working with Unity-based projects. Currently, the C# analyzer features over 20 specialized diagnostics for identifying optimization issues and general-purpose errors." This focus on Unity reflects the company's responsiveness to the growing needs of the game development and virtual reality communities.

In another strategic move, PVS-Studio enhanced its integration capabilities by supporting the direct upload of analysis results into ASOC (Application Security Orchestration and Correlation) systems. This initiative has culminated in technological partnerships with various ASOC tools, allowing the analyzer to be seamlessly integrated into existing development pipelines. Analysis results can now be integrated into platforms such as AppSecHub, Hexway, Securitm, CyberCodeReview, and TRON.ASOC, simplifying vulnerability management and tracking for security teams and developers alike.

PVS-Studio also reaffirms its commitment to national standards, demonstrating compliance with GOST R 71207-2024. In 2024, the PVS-Studio plugins for Visual Studio and Visual Studio Code gained the ability to display special SAST (Static Application Security Testing) identifiers, which indicate the affiliation of a triggered warning with critical error categories from GOST R 71207-2024. In 2025, this functionality was extended to the SonarQube plugin and the `.pvsconfig` analysis configuration files. This feature is vital for information security specialists who meticulously monitor compliance with cybersecurity requirements and adhere to secure software development processes. Moreover, the concept by which the analyzer marks warnings as critical according to GOST has been re-engineered. Previously, a single rule corresponded directly to a single critical error identifier. Now, the approach has become dynamic: a single analyzer warning can be associated with multiple critical categories, providing a more nuanced and comprehensive view of potential risks.

Ekhbary News Agency