Code quality
Fast, simple, uncomplicated - the favourable alternative to software certification
Whether for a smart home system, an enterprise application or an IoT device: TÜVIT's fully automated software check for your C/C++ source code is based on a Code Sensor that identifies potential vulnerabilities and the degree of fragmentation. These are visualised in the form of the Code Score Matrix, a meaningful test label for the quality of your code.
Source code is structured in directories by default. For each of these directories, our Code Sensor calculates the respective code size and the density of potential security flaws. The resulting code metrics are visualised in the form of the Code Score Matrix.
The larger a square is displayed within the Code Score Matrix, the more analysed code the respective directory contains.
The colour indicates how many potential security flaws were detected in a directory in relation to the code volume and ranges from green (few) to red (many).
* When using the Professional version, you only send us the results file and some product details. The results file contains detailed information on potential vulnerabilities found. This may include limited information about functions and data entities affected in the code. With the free version, the Code Score Matrix is generated directly in the browser.
Our Code Sensor scans C/C++ code for over 50 different error classes in the areas of buffer overflow, integer overflow, cryptography, null pointer dereferencing, uninitialised variables, double frees, format string problems, race conditions, memory leaks, command injection, library injection, use of problematic APIs and many more.
Code Score Sensor Free
Gain a first impression of the quality and security of your code.
Code Score Sensor Professional
Advertise the quality of your code and receive valuable information on weak points and optimisations.
The Code Sensor is a portable Windows application. You need at least Windows 10 (x64, 64 bit). Windows 7 and older, 32-bit versions and ARM are not supported. There is no need to have a build environment for the code to be analysed. The technical system requirements can be easily tested by running our demo version.
In contrast to ISO 25010, the Code Score Matrix works directly on the source code and measures quality and security properties fully automatically. The Code Score Matrix is therefore more comparable to an ISO 5055 examination, although the Code Score Matrix analyses the source code at module level with a focus on security. ISO 5055, on the other hand, analyses the code at application level in the four categories of Maintainability, Performance Efficiency, Reliability and Security. Would you like to analyse other aspects in addition to security? Please contact us!