A custom specialized agent and skill for Claude Code to execute static application security testing (SAST) and general static code analysis using the PVS-Studio analyzer for C and C++ projects.
To install this in your project:
- Copy the
.claude/agents/pvs-studio.mdand.claude/skills/pvs-studio/SKILL.mdfiles into your project's.claude/directory, or drop them directly into~/.claude/for global use across all your repositories. - Ensure you have the
pvs-studio,pvs-studio-analyzer, andplog-convertercommand line utilities installed on your system.
Once installed, you can trigger the analysis flow explicitly or contextually.
Trigger the analysis flow explicitly using the slash command. The skill will fork a subagent to run the analysis without cluttering your main context window.
/pvs-studio
You can pass specific instructions/arguments to guide the analysis:
/pvs-studio prioritize security (OP) warnings and memory leaks
/pvs-studio only check the files I modified recently
Claude will seamlessly utilize the pvs-studio subagent if you state that you want to run static analysis or check your C/C++ code for issues.
> Check my code for any security vulnerabilities using PVS-Studio.
> Can you run static analysis and fix the array out-of-bounds errors?
When invoked, the agent autonomously performs the following steps:
- Validates the presence of the
pvs-studio-analyzertools. - Identifies the build system (Make, CMake, etc.) and generates a
compile_commands.json(e.g., viacmake) or traces the compiler runs (pvs-studio-analyzer trace). - Runs the analyzer to produce
pvs-studio.log. - Converts the log using
plog-converterinto easily readable formats like JSON or Markdown. - Reviews the high (GA:1, OP:1) and medium (GA:2, OP:2) certainty issues natively.
- Presents the critical findings with suggested code fixes inside your Claude Code session.