Many developers have heard of PVS-Studio static analyzer, but not everyone knows they can use it for free on a permanent basis. This article breaks down different free licensing options, explains who they're good for, and details how to get started with the tool.
Introduction
PVS-Studio is a tool for detecting potential errors and vulnerabilities in C, C++, C#, and Java code. It runs on Windows, Linux, and macOS and offers a wide range of integration scenarios—from IDE plugins to the use in version control or code quality systems. In the enterprise segment, PVS-Studio is a paid B2B solution used by many teams and companies around the world.
The PVS-Studio team does more than just develop the analyzer. For 17 years, we've participated in developing the technical community and helping improve the quality and reliability of open-source software. We regularly check community projects, and our articles have helped fix numerous errors.
There are many non-commercial projects run by enthusiasts who care about code quality. However, we can't check them all, especially since they aren't always publicly available. That's why we've introduced several ways to get PVS-Studio for free.
We'll release a series of articles on this topic. The first part discusses the basic licensing terms and conditions and provides a tutorial on how to get started with the analyzer. In other parts, we'll cover how to use and customize the tool for your project. Of course, we'll also break down the errors detected by the analyzer in real projects.
Note. Before anyone suggests a "simpler" method involving individual licenses, I'd like to point out that we've already tried that. It didn't work out :) If you'd like to know more about the results of that experiment, I suggest checking out this article.
How to get a license
There are several ways to obtain a free PVS-Studio static analyzer license:
- for open-source projects;
- for proprietary projects;
- for students and teachers;
- for security experts;
- for Microsoft MVPs.
Let's take a closer look at each option.
Note. The methods described in this article are NOT suitable if you just want to check PVS-Studio! To try out the tool, you need a trial key, which you can get on this page. Choose one of the options described in this article only if you decide to regularly use PVS-Studio for free.
For open-source projects
If you're working on an open-source project, you can receive a free, unrestricted PVS-Studio license.
This is the easiest and most popular way to use the analyzer for free on a permanent basis. We recommend using it if you have an open-source project.
Please note that the project must be hosted on GitHub, GitLab, or Bitbucket. Getting a license requires:
- visiting this page and reading the licensing terms;
- meeting the licensing conditions (mentioning PVS-Studio in REAMDE.md, etc.);
- entering the required information (an email, a project link);
- submitting a request for a free license;
- using the same method once the license expires to obtain a new license key.
Note. You can learn more about the licensing terms in the following article: "Use PVS-Studio to analyze open-source projects".
This method requires that you mention PVS-Studio in the README.md file, as well as in the commits and pull requests. If this doesn't suit you, you can use the way described in the "For proprietary projects" section. It involves adding comments to the code.
For proprietary projects
Not all smaller projects are publicly available. We understand that they can be proprietary, like indie games or academic projects.
For this reason, we've implemented a free licensing option that requires adding special comments to the code. The idea is that such comments are unacceptable for large corporate projects, though programmers can add them to their personal projects. If you're interested in learning more about why we chose this approach, check out this article.
To obtain such a license, a user must fulfill one main condition: add two comment lines to all compiled project files. Comments vary depending on the project focus.
Note. We're talking about files that have the following extensions: .c, .cc, .cpp, .cs, .java, and so on. Header h files don't need to be changed.
If you're an individual developer and want to get a license, the comment should look like this:
// This is an independent project of an individual developer. Dear PVS-Studio, please check it.
// PVS-Studio Static Code Analyzer for C, C++, C#, and Java: https://pvs-studio.com
Additionally, this licensing option is available as an alternative to the method described in the "For open-source projects" section. Then, the comment should look like this:
// This is an open source non-commercial project. Dear PVS-Studio, please check it.
// PVS-Studio Static Code Analyzer for C, C++, C#, and Java: https://pvs-studio.com
After this step, you can proceed to the "Installation" section.
Note. In addition to the free method described here for using the analyzer, you can download a trial version from the website. This option is good for getting acquainted with the tool.
Automatization
If your project contains a lot of files, consider using a utility program. Indicate in the utility which comment should be inserted and the directory of the code. It will then recursively go through all files in the folder and its subfolders, adding the appropriate comments to the source code files. You can download the utility with the source code here: how-to-use-pvs-studio-free.
See the "How to Use PVS-Studio for Free" article for additional details and conditions.
For students and teachers
If you're a student or a teacher, or if you represent an educational institution, our team offers free access to PVS-Studio. You can use it to study and practice the use of static code analyzers, as well as to deepen your knowledge of programming languages and their specifics.
The license is free, but it requires adding special comments to files. The conditions and steps for obtaining this license are the same as those listed in the "Proprietary projects" section. The only difference is in the contents of the comments.
The comments for the academic license are as follows:
// This is a personal academic project. Dear PVS-Studio, please check it.
// PVS-Studio Static Code Analyzer for C, C++, C#, and Java: https://pvs-studio.com
You can learn more about this licensing option on this page.
For security experts
Public cybersecurity experts, such as those involved in vulnerability research, can contact us to receive a free license for PVS-Studio analyzer.
To obtain and maintain it, you'll need to confirm your experience and involvement in the field of security. You can demonstrate this through articles, publications, and other relevant materials. These details will be clarified during the communication process.
For more information on this licensing method, see the "Handing out PVS-Studio Analyzer Licenses to Security Experts" article.
For Microsoft MVPs
We respect the efforts of MVP experts in the IT community, and we want to support those who contribute positively to the field of IT.
So, if you're a Microsoft MVP, we'd love to give you a free PVS-Studio license for a year. Then you can renew it.
You can submit your request on this page.
Getting started
First, prepare an environment that supports PVS-Studio analyzer. The documentation lists the system requirements and supported integrations.
After fulfilling all the conditions of the selected licensing option and receiving the key, you can begin the installation process. The stages depend on how and where you use the analyzer.
We will use OSU!—a well-known open-source C# game—as the test project to examine the experience of the first run. As the IDE for integrating the PVS-Studio plugin, we'll use Visual Studio 2022.
Note. You can use PVS-Studio static analyzer in more ways than just an IDE plugin. There are many use cases, including integration with CI/CD systems, code quality and security verification systems, and game engines. See our main page for a full list of possible use cases.
Installation process
For example, let's look at the scenario of installing a Visual Studio plugin from the Marketplace.
First, open the Manage Extensions menu in Visual Studio by navigating to Extensions > Manage Extensions. Then, enter PVS-Studio in the search field. The plugin will appear in the search results:
Then, click the Download button to start the automatic download of the PVS-Studio installer for Windows. It includes the plugin, the analyzer core, and auxiliary tools.
The installer will prompt you to close all active processes in the available development environments and provide a selection of plugins for each installed IDE.
How to enter a license
After the installation, the first step is to enter the license.
The installer will prompt you to enter the license information and activate it. You can do this immediately or later via the plugin menu. Enter the key you obtained in the "How to get a license" step:
If you followed the instructions for using comments in the code (see "For proprietary projects"), enter the following key:
The activation key
License Name: PVS-Studio Free
License Key: FREE-FREE-FREE-FREE
Note. See the documentation for details on how to enter the license.
Once the license is activated, the analyzer is ready for use.
Let's not get ahead of ourselves, though. Yes, you can start analyzing a project right away because our tool works out of the box. However, we strongly recommend taking the time to configure it by limiting the files for analysis, enabling or disabling various diagnostic rules, etc. This will not only enhance the analyzer performance but also minimize the false positive rate. In the next part, we'll dive deeper into the topic of configuring the tool and working with reports. For now, feel free to check the documentation.
If you have any questions about the licensing policy or other issues, please ask them in the comments section below the article or via the feedback form.
Top comments (0)