CodeSonar C/C++
SAST when Safety and Security Matter
Accelerate Application Security
Software teams are under constant pressure to deliver more content with higher complexity, in shorter timeframes, with increased quality and security. Static Application Security Testing is a proven best practice to help software teams deliver the best code in the shortest timeframe. GrammaTech has been a leader in this field for over 15 years with CodeSonar delivering multi-language SAST capabilities for enterprises where software quality and software security matter.

From a TAG Cyber analyst perspective, this suite of tools looks absolutely first-rate. It includes modern DevOps-consistent features with an unequaled foundational base derived from world-class research.

DevSecOps - Speed and Scale
Software developers need rapid feedback on security vulnerabilities in their code. CodeSonar integrates into software development environments, works unobtrusively alongside the developer and provides that feedback quickly.

Functional Safety
Static analysis is an important technology for developing software that needs to achieve high levels of functional safety. CodeSonar is pre-qualified for the highest levels of safety for the IEC 61508, ISO 26262 and CENELEC EN 50128 standards by Exida. Artifacts for qualification according to DO-178C / DO-330 are also available.

Code Understanding
Finding problems is not sufficient; the developer also needs to understand the problems that have been uncovered. CodeSonar provides comprehensive code understanding capabilities, helping developers understand and fix issues rapidly.
What is CodeSonar Static Analysis?

1. Textual Descriptions
Clear, easy-to-read textual descriptions explain what the problem is.

2. Path Visualization
Shaded background and annotations explain the defect path.

Team Support Built In
CodeSonar is designed to support large teams. Defects are persistent and tracked across builds, even when the code changes. They can be annotated, ranked, assigned, searched for and compared. Integrations with many team tools are provided out of the box.

Language Support
CodeSonar supports many popular languages, including C/C++, Java, C# and Android, as well as native binaries for the Intel, ARM and PowerPC instruction set architectures. CodeSonar also supports OASIS SARIF for exchanging results with other tools in the DevSecOps environment.
Security - Depth
GrammaTech SAST tools use abstract interpretation to statically examine all paths through the application, determining the values that variables can take and how those values affect program state.
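To make the abstract interpretation sentence above concrete, here is an added example (not CodeSonar code, and not a description of its internals): a small interval-domain analyzer over a constructed toy IR. Each integer variable is over-approximated by an interval [lo, hi], branch conditions narrow the interval on each side, the two sides are joined where control flow merges, and an array index whose interval is not contained in [0, size-1] is reported. The IR, the two sample programs and the out-of-bounds rule are all constructed for this illustration.

```python
"""Interval-domain abstract interpretation of a constructed toy IR.

Added example, not CodeSonar code. Every integer variable is approximated
by an interval; states are joined at control-flow merges so all paths are
covered without enumerating them; buf[v] is reported when v's interval is
not inside [0, size-1]. Statements and programs below are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from math import inf


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def join(self, other: Interval) -> Interval:
        """Least upper bound: the smallest interval containing both."""
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def meet(self, other: Interval) -> Interval | None:
        """Intersection; None means the combination is infeasible (bottom)."""
        lo, hi = max(self.lo, other.lo), min(self.hi, other.hi)
        return Interval(lo, hi) if lo <= hi else None


TOP = Interval(-inf, inf)          # "could be anything": untrusted input
NEGATE = {"<": ">=", ">=": "<"}    # complement of a comparison on integers


def _cond_interval(op: str, k: int) -> Interval:
    """Values for which 'var op k' holds, assuming integer variables."""
    return Interval(-inf, k - 1) if op == "<" else Interval(k, inf)


def _refine(state: dict, var: str, op: str, k: int) -> dict | None:
    """Narrow var by a branch condition; None if that branch is infeasible."""
    narrowed = state[var].meet(_cond_interval(op, k))
    return None if narrowed is None else {**state, var: narrowed}


def _join_states(a: dict | None, b: dict | None) -> dict | None:
    """Merge two abstract states at a control-flow join (None = unreachable)."""
    if a is None or b is None:
        return a if b is None else b
    return {v: a[v].join(b[v]) for v in a.keys() & b.keys()}


def analyze(stmts: list, state: dict | None, findings: list) -> dict | None:
    """Interpret stmts over the interval domain, appending index findings.

    Statements: ("input", v) | ("const", v, k) | ("return",) |
    ("if", (v, op, k), then_stmts, else_stmts) |
    ("index", v, size)  meaning buf[v] where buf has 'size' elements.
    """
    for stmt in stmts:
        if state is None:                 # code after a return is unreachable
            return None
        kind = stmt[0]
        if kind == "input":
            state = {**state, stmt[1]: TOP}
        elif kind == "const":
            state = {**state, stmt[1]: Interval(stmt[2], stmt[2])}
        elif kind == "return":
            return None
        elif kind == "if":
            (var, op, k), then_b, else_b = stmt[1], stmt[2], stmt[3]
            then_state = analyze(then_b, _refine(state, var, op, k), findings)
            else_state = analyze(else_b, _refine(state, var, NEGATE[op], k), findings)
            state = _join_states(then_state, else_state)   # both paths, no enumeration
        elif kind == "index":
            iv, size = state[stmt[1]], stmt[2]
            if iv.lo < 0 or iv.hi > size - 1:
                findings.append((stmt[1], iv, size))
    return state


# int buf[8]; int i = input(); if (i < 0) i = 0; buf[i] = 1;   (no upper bound)
UNCHECKED_WRITE = [
    ("input", "i"),
    ("if", ("i", "<", 0), [("const", "i", 0)], []),
    ("index", "i", 8),
]
# int buf[8]; int i = input(); if (i < 0) return; if (i >= 8) return; buf[i] = 1;
CHECKED_WRITE = [
    ("input", "i"),
    ("if", ("i", "<", 0), [("return",)], []),
    ("if", ("i", ">=", 8), [("return",)], []),
    ("index", "i", 8),
]


def check(program: list) -> list:
    """Return (variable, interval, array size) for each possibly out-of-bounds index."""
    findings: list = []
    analyze(program, {}, findings)
    return findings


if __name__ == "__main__":
    for name, prog in ("unchecked", UNCHECKED_WRITE), ("checked", CHECKED_WRITE):
        print(name, check(prog) or "no findings")
```

For the unchecked program the analysis joins the then-branch state i = [0, 0] with the else-branch state i = [0, +inf] and reports buf[i] because the upper bound is unconstrained; for the checked program both guards narrow i to [0, 7] and nothing is reported. Real tools add widening for loops and richer domains, but the join-at-merge mechanism is the same.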
Standards and Frameworks
CodeSonar supports MISRA-C and MISRA-C++, AUTOSAR C++14, CERT, DISA STIG, OWASP, CWE and many other standards.
Metrics and Trends
CodeSonar allows graphing of complexity and quality trends over time to give management teams the information they need. Data can be visualized and interactively explored inside the CodeSonar user interface, or exported programmatically via SARIF and/or XML for use in third-party dashboarding applications.
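The paragraph above mentions SARIF export for third-party dashboards. As an added example (not GrammaTech code, and not a sample of CodeSonar's actual output), the script below flattens a SARIF 2.1.0 log into dashboard-ready records and aggregates them by severity, rule and file. The embedded SARIF document is constructed by hand: the tool name "ExampleSAST", the rule ids, file names and messages are invented, and only the structure (runs, tool.driver.rules, results with ruleId, level, message and locations) follows the OASIS standard.

```python
"""Flatten a SARIF 2.1.0 log into dashboard-ready records.

Added example, not GrammaTech code. SAMPLE_SARIF is constructed by hand:
the tool name, rule ids, file names and messages are invented. Only the
structure follows the OASIS SARIF 2.1.0 standard, including its rule that a
result without a level inherits the rule's defaultConfiguration.level and
otherwise defaults to "warning".
"""
import json
from collections import Counter

SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [
            {"id": "EX001", "shortDescription": {"text": "Buffer overrun"},
             "defaultConfiguration": {"level": "error"},
             "properties": {"tags": ["CWE-787"]}},
            {"id": "EX002", "shortDescription": {"text": "Unused value"}},
        ]}},
        "results": [
            {"ruleId": "EX001", "level": "error",
             "message": {"text": "index i may exceed buffer bound"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/parse.c"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "EX001",            # level omitted: falls back to the rule default
             "message": {"text": "copy length not checked"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/parse.c"},
                 "region": {"startLine": 88}}}]},
            {"ruleId": "EX002",            # no level anywhere: SARIF default is "warning"
             "message": {"text": "value of tmp is never read"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.c"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def load_results(sarif_text: str) -> list:
    """Return one flat dict per result, joining in the rule's metadata."""
    records = []
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            level = (res.get("level")
                     or rule.get("defaultConfiguration", {}).get("level")
                     or "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            records.append({
                "tool": driver.get("name", "unknown"),
                "rule": res.get("ruleId", "unknown"),
                "title": rule.get("shortDescription", {}).get("text", ""),
                "cwe": [t for t in rule.get("properties", {}).get("tags", [])
                        if t.startswith("CWE-")],
                "level": level,
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
            })
    return records


def summarize(records: list) -> dict:
    """Counts a dashboard would chart: by severity, by rule, by file."""
    return {
        "total": len(records),
        "by_level": dict(Counter(r["level"] for r in records)),
        "by_rule": dict(Counter(r["rule"] for r in records)),
        "by_file": dict(Counter(r["file"] for r in records)),
    }


if __name__ == "__main__":
    recs = load_results(SAMPLE_SARIF)
    for r in recs:
        print(f'{r["level"]:7} {r["file"]}:{r["line"]} {r["rule"]} {r["title"]}')
    print(summarize(recs))
```

Resolving the severity in this order (result level, then the rule's default, then "warning") matters for any dashboard that counts findings by severity: a tool that relies on rule defaults would otherwise have all of its errors counted as warnings.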
Scalability
CodeSonar scales from quick scans of code subsets on developers' desktops, through deep and exhaustive checks including concurrency analysis during regression testing, to anything in between. It supports incremental builds and analysis, and can offload work to highly parallel and distributed compute farms. CodeSonar adjusts to your software development environment and process.
Key Features
- Eliminate security vulnerabilities
- Detect and correct multicore / multithread flaws
- Increase code quality and transparency with customized reports
- Audit code against coding standards and regulatory requirements
- Gain system understanding with code visualization
- Reduce the risk of shipping costly, brand-damaging defects
- Improve team scalability and efficiency

Book An Evaluation
GrammaTech provides a no-cost evaluation of CodeSonar on your own code so you can start to see the benefits from the first scan.
System Requirements
Host: Windows, Linux, FreeBSD, NetBSD
Hardware: 2+ cores, 2+ GB of RAM, 15+ GB of disk
Compilers: Supports most popular and embedded compilers
Languages: C/C++, Java, C#, Binaries
Output: SARIF, XML, CSV, PDF, HTML
Supported Compilers: Apple Xcode, ARM RealView, CodeWarrior, Clang, FreeBSD, GCC, G++, Green Hills, HI-TECH, IAR, Intel C/C++, Microsoft Visual Studio, Renesas, Sun C/C++, Texas Instruments CodeComposer, Wind River; most other compilers are easily supported