CVS Static Code Analysis Aug 12, 2013 by Checkmarx CVS (Concurrent Versions System) is a system for managing the source code within a development team. It allows for collaborative development by supporting a means of tracking each change made to the source code over any period of time. CVS was one of the first pieces of software to support this functionality and generally today, it is used in older operating environments as there are more powerful tools available on the market now. However, CVS static code analysis isn’t supported by CVS itself. External static code analysis solutions that can integrate into CVS and pull sources from it should be used. In order to conduct static code analysis within the CVS environment – you will need to choose a static code analysis tool that has a high-level of interoperability with that environment. Checkmarx is a great fit for this and it’s easy to integrate and get security testing done without any changes to the way your R&D team currently works. It’s vital for development teams to identify and defuse problems early in the coding process so that they can deal with the code while it’s still fresh in their minds and not several months down the line when the issue is detected by a compliance team, and it becomes more challenging , time consuming and costly to fix it. When you use a tool like Checkmarx, the reporting side of CVS static code analysis is really straightforward. You can test the code in real time and generate vulnerability reports that show exactly how many issues you have with very low rates of false positive/negative results. You can also track how each commit compares with previous cycles to work out where problems are arising and how to better address them in development. It’s also simple to pull out an HTML color coded report that shows exactly where the flaws are in the code – so you can fix them without searching for them.