Code quality

Code Score Matrix

Fast, simple, uncomplicated - the favourable alternative to software certification

Whether it is a smart home system, an enterprise application or an IoT device: TÜVIT's fully automated software check for your C/C++ source code is based on a code sensor that identifies potential vulnerabilities and the degree of fragmentation. These are visualised in the form of the Code Score Matrix, a meaningful test label for the quality of your code.

Scans C/C++ source code for errors

Scans for over 50 different error classes such as buffer overflow, integer overflow, cryptography and many more.

More attention for your product

Use our scoring system to put a highly visible exclamation mark behind the quality and security of your software.

TÜV top quality for over 30 years

TÜV Informationstechnik (TÜVIT) stands 100 per cent for IT security. It is part of our DNA - and has been since 1995.

What does the Code Score Matrix indicate?

Source code is structured in directories by default. For each of these directories, our Code Sensor calculates the respective code size and the density of potential security flaws. The determined code metrics are visualised in the form of the Code Score Matrix.

The larger a square is displayed within the Code Score Matrix, the more analysed code the respective directory contains.

The colour indicates how many potential security flaws were detected in a directory in relation to the code volume and ranges from green (few) to red (many).

How you can benefit from using the Code Score Matrix

The fully automated software check offers a number of advantages.

  • Convince your customers
    Gain trust with the software check from a globally recognised testing service provider.
  • Make your optimisation visible
    Make the continuous improvement process of your software visible with the Code Score Matrix.
  • Your source code stays with you
    The actual scanning process takes place in your own IT environment. Your source code never leaves your premises*.
  • No additional costs
    Testing as a Service (TaaS): No software selection, licence procurement or training.
  • Security by design
    Recognise hotspots, potential vulnerabilities and fragmentation in good time.
  • Sprint to the test result
    The Code Sensor is fully automated. This ensures speed and fast test results.
  • Millions of lines of code in just a few hours
    Scans several million lines of code in just a few hours using parallel scanning processes.
  • Scans for over 50 error classes
    Scans for over 50 different error classes such as buffer overflow, cryptography and many more.

* When using the Professional version, you only send us the results file and some product details. The results file contains detailed information on potential vulnerabilities found. This may include limited information about functions and data entities affected in the code. With the free version, the Code Score Matrix is generated directly in the browser.

Analyse your C/C++ code for over 50 error classes

Our Code Sensor scans C/C++ code for over 50 different error classes in the areas of buffer overflow, integer overflow, cryptography, null pointer dereferencing, uninitialised variables, double frees, format string problems, race conditions, memory leaks, command injection, library injection, use of problematic APIs & many more.

Overview of the Code Score Sensor versions

Code Score Sensor Free

Gain a first impression of the quality and security of your code.

  • Simple: No installation required
    Can run on all standard Windows 10 (64-bit) systems without installation.
  • Comprehensive: Scans over 50 different error classes
    Applicable for C/C++ code.
  • High-quality: Detects hotspots and potential vulnerabilities in the source code
    Your source code is not transferred at any time and is only checked locally.
  • Fast: Fully automated and parallel scanning processes
    Scans through several million lines of code in just a few hours.
  • Secure: Source code is not transferred
    Your source code is never transferred and is only checked locally.
  • Result: Code Score Matrix Light
    Generated without source code via the TÜVIT website and without a test report.

Code Score Sensor Professional

Advertise the quality of your code and receive valuable information on weak points and optimisations.

  • All the functions of the free version plus
  • Comprehensive test report
    We create a precise test report for your quality assurance with all detailed analysis results. The results file contains detailed information on vulnerabilities found. This may include limited information on functions & data entities affected in the code.
  • Code Score Matrix marketing label
    Meaningful label for promotional use that confirms the quality and security of your software.
  • Integration into your corporate design
    Label may be integrated into your company's own corporate design in accordance with the terms of use.
  • Starting point for further code optimisation
    Result of the code check as an ideal starting point for further code optimisation & customised follow-up projects.

Frequently Asked Questions (FAQ)

What you need to know about Code Score Matrix

The Code Sensor is a portable Windows application. You need at least Windows 10 (x64, 64-bit). Windows 7 and older, 32-bit versions and ARM are not supported. You do not need a build environment for the code to be analysed. The technical system requirements can easily be tested by running our demo version.

Our Code Sensor scans C/C++ code for over 50 different error classes in the areas of buffer overflow, integer overflow, cryptography, null pointer dereferencing, uninitialised variables, double frees, format string problems, race conditions, memory leaks, command injection, library injection, use of problematic APIs and many more.

In contrast to ISO 25010, the Code Score Matrix works directly on the source code and measures quality and security properties fully automatically. The Code Score Matrix is therefore more comparable to an ISO 5055 examination, although the Code Score Matrix analyses the source code at module level with a focus on security. ISO 5055, on the other hand, analyses the code at application level in the four categories of Maintainability, Performance Efficiency, Reliability and Security. Would you like to analyse other aspects in addition to security? Please contact us!