CodeSonar SAST GitLab Integration

SAST when Safety and Security Matter


GrammaTech provides SAST and SCA security testing products. Our SAST product – CodeSonar – is the favorite when code safety and security are important. CodeSonar integrates directly into the GitLab CI pipeline to detect zero-day vulnerabilities. CodeSonar scan results are available in the GitLab Merge Requests, GitLab Security Dashboard and can be assigned as a GitLab Issue. Product development teams looking to shift left without disruption to their SDLC now have a seamless GitLab CI/CD integration.

Download Integration Instructions

Continuous Integration Enabled by GitLab

Integrate CodeSonar’s Application Security Testing into GitLab’s pipeline to enable developers to find and fix security vulnerabilities from inside the familiar GitLab UI. With each merge request, CodeSonar will automatically analyze your code and return any vulnerabilities found via the GitLab SAST interface. Use the GitLab Security Dashboard to get an overview of the security of your code, and drill down in the Vulnerability Report to find the details.

CodeSonar Analysis Vulnerability Summary

A summary of vulnerabilities detected by CodeSonar can be viewed directly in the GitLab Merge Request, so you can quickly see what new security issues have been detected in your project by CodeSonar. The information provided includes both a summary by Warning Severity and by Warning Class.

Detailed Warning View

Sometimes you need more information to determine how to handle a particular warning. With CodeSonar and GitLab this is easy – the CodeSonar warning message can be viewed directly in GitLab, and the detailed warning reports provided by CodeSonar, with annotated source code, are just a mouse click away – no copying and pasting or searching for line numbers.

Review CodeSonar Warnings in GitLab Vulnerability Reports

CodeSonar now enables developers to work with detected vulnerabilities right in the GitLab UI – you can review a warning, create a GitLab issue and assign it to a developer without ever leaving GitLab. In addition, you can dismiss vulnerabilities, and CodeSonar’s fingerprinting technology ensures that GitLab won’t ever show them to you again.
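As an added illustration (not CodeSonar's or GitLab's own code), the following shows how the two Merge Request views described earlier (by Warning Severity and by Warning Class) and a sticky dismissal list can be derived from a SAST report artifact in GitLab's report schema. The report contents are constructed, and the fingerprint scheme is a hypothetical one chosen for the example, not CodeSonar's.

```python
import hashlib
import json
from collections import Counter

# Constructed sample in the GitLab SAST report schema; it is NOT real CodeSonar output.
# A SAST job uploads a file like this as its report artifact, and GitLab renders it
# in the Merge Request widget, the Security Dashboard and the Vulnerability Report.
SCANNER = {"id": "codesonar", "name": "CodeSonar"}
SAMPLE_REPORT = json.dumps({
    "version": "15.0.4",
    "vulnerabilities": [
        {"id": "w1", "category": "sast", "name": "Buffer Overrun", "severity": "High",
         "scanner": SCANNER,
         "location": {"file": "src/parse.c", "start_line": 42, "method": "parse_header"},
         "identifiers": [{"type": "cwe", "name": "CWE-787", "value": "787"}]},
        {"id": "w2", "category": "sast", "name": "Null Pointer Dereference", "severity": "Medium",
         "scanner": SCANNER,
         "location": {"file": "src/net.c", "start_line": 7, "method": "recv_frame"},
         "identifiers": [{"type": "cwe", "name": "CWE-476", "value": "476"}]},
        {"id": "w3", "category": "sast", "name": "Buffer Overrun", "severity": "High",
         "scanner": SCANNER,
         "location": {"file": "src/parse.c", "start_line": 58, "method": "parse_body"},
         "identifiers": [{"type": "cwe", "name": "CWE-787", "value": "787"}]},
    ],
})


def findings(report_json: str) -> list:
    """Parse the report artifact and return its list of findings."""
    return json.loads(report_json)["vulnerabilities"]


def summarize(report_json: str):
    """Return (by_severity, by_class): the two summaries the Merge Request widget shows."""
    vulns = findings(report_json)
    return Counter(v["severity"] for v in vulns), Counter(v["name"] for v in vulns)


def fingerprint(v: dict) -> str:
    """Hypothetical stable key for a finding: file, enclosing method, warning class and
    identifiers, deliberately excluding the line number so that unrelated edits that
    shift lines do not resurrect a dismissed finding. Not CodeSonar's algorithm."""
    loc = v["location"]
    ids = ",".join(f"{i['type']}:{i['value']}" for i in v["identifiers"])
    key = f"{loc['file']}|{loc.get('method', '')}|{v['name']}|{ids}"
    return hashlib.sha256(key.encode()).hexdigest()


def new_findings(report_json: str, dismissed: set) -> list:
    """IDs of findings whose fingerprint is not in the set of dismissed fingerprints."""
    return [v["id"] for v in findings(report_json) if fingerprint(v) not in dismissed]
```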

Book A Demonstration

The best way to try a SAST solution is to run it on your own codebase and review the warnings it issues. Book a demo and learn how GrammaTech technology can rapidly improve your software development capability.