The CodeV validation process understands multiple vulnerability types, of which the following list presents the most relevant ones. The OWASP Top 10, SANS and CERT-CC were used as the basis for determining relevance.
Flow Analysis takes into account the context of the code stream, code flows and existing files. In this type of analysis, CodeV knows the possible values of each variable in every code flow, even as the flow passes through different files, classes and contexts, and uses this data to determine whether the flow is vulnerable and consequently exploitable. It is highly deterministic and produces considerably fewer false positives.
Functional Analysis is function and/or code block oriented, and has the capacity to analyze and verify security vulnerabilities in code. This type of analysis is faster, more prone to false positives and less susceptible to false negatives.
The last approach that CodeV provides combines Flow Analysis and Functional Analysis, resulting in a deterministic analysis that produces not only few false positives but also few false negatives.