Splint VS PVS-Studio

Splint Reviews

PVS-Studio Reviews

Splint mentions (9)

• C-rusted: The Advantages of Rust, in C, without the Disadvantages

  Whenever I see people talk about the portability or compatibility advantages of C, I'm reminded of how "even C isn't compatible with C", because you typically aren't talking about up-to-date GCC or LLVM on these niche platforms... you're talking about some weird or archaic vendor-provided compiler... Possibly with syntax extensions that static analyzers like splint will choke on. (Splint can't even understand near... Source: about 1 year ago

• Announcing Rust 1.67.1

  Huh. I think I actually needed to use the equivalent position for certain splint annotations in my C retro-hobby project. Source: about 1 year ago

• US NGO Consumer Reports also reporting on C and C++ safety for product development.

  I often like to say that Rust's bindings are a way to trick people into writing the compile-time safety annotations that they didn't want to write for things like splint. (Seriously. Look into how much splint is capable of checking with the correct annotations.). Source: over 1 year ago

• “Rust is safe” is not some kind of absolute guarantee of code safety

  Linters like Splint [0] can do that for C. I’m not saying that Rust’s built-in approach isn’t better, but please be careful about what exactly you claim. [0] http://splint.org/. - Source: Hacker News / over 1 year ago

• Glauber's Journey from rust to typescript

  (Sort of like how, for my DOS hobby project, I use splint to require explicit casts between typedefs so I can use the newtype pattern without having to manually reach into wrapper struct fields in places that don't do conversions.). Source: over 1 year ago

PVS-Studio mentions (9)

• Bugs that buzzed a lot

  One of the ways to create better and more secure code is to use static analyzers such as PVS-Studio. The tool provides code analysis for the C, C++, C#, and Java programming languages. - Source: dev.to / 13 days ago

• Examining suspicious code fragments in AWS SDK for .NET

  I checked the code with the PVS-Studio analyzer using the plugin for Visual Studio. - Source: dev.to / 10 months ago

• Do developers care about code security?

  I'm working on PVS-Studio. It's a code analysis tool detects both coding errors and security flaws (SAST). So, I'd like to know more about what teams expect from SAST solutions. Source: 12 months ago

• SAST in Secure SDLC: 3 reasons to integrate it in a DevSecOps pipeline

  And yet SAST is another essential step-up that can help reduce reputational and financial risks. If you are building SSDLC, SAST tools should be a mandatory part of the DevSecOps pipeline. - Source: dev.to / about 2 years ago

• Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice

  Since the project is open-source, we'll take advantage of this. To search for vulnerabilities, in addition to our own knowledge, we use PVS-Studio — a solution that searches for errors and security weaknesses. We need a group of security-related diagnostics — OWASP. You can read about turning on the corresponding warnings here. - Source: dev.to / about 2 years ago