The Code Score Matrix

Quick, simple, uncomplicated – the cheaper alternative for software certification

Whether for smart home systems, enterprise applications or IoT devices: TÜVIT’s fully automated software check for your C/C++ source code is based on a code sensor that identifies potential vulnerabilities and measures the degree of fragmentation of the source code. These are visualized in the form of the Code Score Matrix, a meaningful test label confirming the quality of your code.

 

   Scans C/C++ source code for over 50 different error classes

Scans for over 50 different error classes, such as buffer overflow, integer overflow, cryptography and many more.

   More attention for your product thanks to a high-value test label

Our scoring system acts as a high-visibility exclamation point to highlight the quality and security of your software.

   TÜVIT represents top quality with over 25 years of experience

TÜV Informationstechnik (TÜVIT) is 100 percent focused on IT security. It is a part of our DNA – and has been since 1995.

Our unique quality label: Show how good & secure your code quality is!

How good is your code quality? Try it now for free!

How you benefit from using the Code Score Matrix

Convince your customers
Gain their trust with the software check from a globally recognized testing services provider.

Make your optimization visible
Use the Code Score Matrix to make the continuous improvement process of your software visible.

Your source code stays with you
The actual scanning process is carried out in your own IT environment. Your source code never leaves your premises.*

No additional expenditures
Testing as a Service (TaaS): No need for software selection, license acquisition or training.

Security by Design
Detect hotspots, potential vulnerabilities and fragmentation at an early stage.

Sprint to the test result
The code sensor is fully automated. This ensures speed and quick test results.

Millions of lines of code in a few hours
Scans several million lines of code in a few hours by means of parallel scanning processes.

Scans for over 50 different error classes
Scans for over 50 different error classes, such as buffer overflow, cryptography and many more.

* When using the Professional version, you only send the results file and some product details to us. The results file contains detailed information about potential vulnerabilities found. This may include limited information about affected functions and data entities in the code. In the free version, the Code Score Matrix is generated directly in the browser.

Overview of Code Score Matrix versions

Code Score Matrix Free

Acquire an initial impression of the quality and security of your code.

 Simple: No installation required
Runs without installation on Windows 10 (64 bit) systems.

 Comprehensive: Scans for over 50 different error classes.
Applicable to C/C++ code.

 High-quality: Detects hotspots and potential vulnerabilities in the source code.

 Fast: Fully automated and parallel scanning processes.
Scans several million lines of code in just a few hours.

 Secure: Source code is not transmitted.
Your source code is never transmitted and is only tested in the local environment.

 Results: Code Score Matrix Light.
This is generated without the source code via the TÜVIT website and without a test report.

Your source code does not leave your company. 
Windows 10 (64 bit)

Code Score Matrix Professional

Advertise with the quality of your code and gain valuable tips regarding vulnerabilities and optimizations.

  All functions of the free version

  Comprehensive test report
We create a precise test report for your quality assurance containing all detailed analysis results. The results file contains detailed information about vulnerabilities found. This may include limited information about affected functions and data entities in the code.

  Code Score Matrix marketing label
Informative label for promotional use, confirming the quality and security of your software.

  Integration into your corporate design
Label may be integrated into your company’s own corporate design in accordance with the terms of use.

Benefit from recognized TÜV quality. 
Windows 10 (64 bit)

How do I interpret the Code Score Matrix?

Source code is structured in directories by default. For each of these directories, our Code Sensor calculates the respective code size, as well as the density of potential security deficits. The determined code metrics are visualized in the form of the Code Score Matrix.

The larger a rectangle displayed within the Code Score Matrix, the more examined code is located in the respective directory.

The color indicates how many potential security deficits have been detected in a directory in relation to the code size and ranges from green (few) to red (many).

Analyze your C/C++ code for over 50 error classes

Our Code Sensor scans C/C++ code for over 50 different error classes in the areas of buffer overflow, integer overflow, cryptography, null pointer dereferencing, uninitialized variables, double frees, format string problems, race conditions, memory leaks, command injection, library injection, use of problematic APIs – and many more.

 

 
