...
Test Configuration | Description |
---|---|
Recommended Rules | The default configuration of recommended rules. Covers most Severity 1 and Severity 2 rules. Includes rules in the Flow Analysis Fast configuration. |
Flow Analysis Standard | Detects complex runtime errors without requiring test cases or application execution. Defects detected include using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code. This requires a special Flow Analysis license option. See Introducing Built-in Flow Analysis Test Configurations for more details on Flow Analysis Test Configurations. |
Flow Analysis Fast | The fast configuration uses the "Shallowest" depth of analysis and runs faster than the standard and aggressive configurations. The fast configuration finds a moderate number of problems and prevents an explosion in the number of reported violations. See Introducing Built-in Flow Analysis Test Configurations for more details on Flow Analysis Test Configurations. |
Flow Analysis Aggressive | The aggressive option reports any suspicious code as a violation. See Introducing Built-in Flow Analysis Test Configurations for more details on Flow Analysis Test Configurations. |
Effective C++ | Checks rules from Scott Meyers’ "Effective C++" book. These rules check the efficiency of C++ programs. |
Effective STL | Checks rules from Scott Meyers’ "Effective STL" book. |
Modern C++ (11, 14 and 17) | Checks rules that enforce best practices for modern C++ standards (C++11, C++14, C++17). |
Find Duplicated Code | Detects duplicated functions, code fragments, string literals, and #include directives. |
Find Unused Code | Includes rules for identifying unused/dead code. |
Metrics | Reports metrics statistics and detects metric values out of acceptable ranges. |
Global Analysis | Checks the Global Static Analysis rules. |
Parasoft’s Recommended Rules | The default configuration of recommended rules (deprecated). |
Sutter-Alexandrescu | Checks rules based on the book "C++ Coding Standards," by Herb Sutter and Andrei Alexandrescu. |
The Power of Ten | Checks rules based on Gerard J. Holzmann’s article "The Power of Ten - Rules for Developing Safety Critical Code." (http://spinroot.com/gerard/pdf/Power_of_Ten.pdf) |
...
Test Configuration | Description |
---|---|
CWE-SANS Top 25 Most Dangerous Programming Errors | Checks for the 2011 CWE/SANS Top 25 Most Dangerous Software Errors, a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all. (http://cwe.mitre.org/top25/index.html) For more details, see 2011 CWE/SANS Top 25 Most Dangerous Software Errors Mapping. |
OWASP Top 10 2017 | Includes rules that find issues identified in OWASP’s Top 10 standard. |
Payment Card Industry Data Security Standard | Checks rules for the security issues referenced in section 6 of the Payment Card Industry Data Security Standard (PCI DSS) (https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml). Issues detected include input validation (to prevent cross-site scripting, injection flaws, malicious file execution, etc.) and validation of proper error handling. |
Security Rules | Checks rules designed to prevent or identify security vulnerabilities. |
SEI CERT C Coding Guidelines | Checks rules and recommendations for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
SEI CERT C Rules | Checks rules for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
SEI CERT C++ Rules | Checks rules for the SEI CERT C++ Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
UL 2900 | Includes rules that find issues identified in the UL-2900 standard. |
...