CodeSonar SAST Eclipse IDE Integration

SAST when Safety and Security Matter

CodeSonar SAST. Direct to Your Desktop

GrammaTech provides SAST and SCA security testing products. Our SAST product – CodeSonar – is the favorite when code safety and security are important. CodeSonar integrates with the most popular Integrated Development Environments (IDEs) on the market, such as the Eclipse IDE. These integrations shift security and quality improvement left by bringing the power of SAST and advanced static analysis directly to the developer. Finding and fixing software weaknesses as the code is developed greatly reduces the downstream costs of these vulnerabilities.

The CodeSonar integration with Eclipse provides the following capabilities:

  • Menu and toolbar for quick access to the CodeSonar features in Eclipse.

  • View warnings in the editor as you would any other error or warning. These errors are displayed in the code view and in the warning panels, typically below the code view. Clicking on a warning in any location opens a new panel that provides more details on the error plus access to additional CodeSonar features such as setting priority and state information.

  • Show the warning path with the events that lead to the warning. The trace of the error is navigable within the CodeSonar panel and back to the code view. This greatly simplifies the analysis to determine the veracity of the warning.

  • Perform permanent assessments on the warnings once the priority and accuracy of the warning have been determined. Any settings given to the warnings are persistent in the CodeSonar database in the same manner as the web UI.

  • List active warnings to perform further investigation on project-wide analysis. It’s then possible to open the web UI for CodeSonar to perform required actions as needed.

  • Kick off builds and new analyses within the IDE to make it quick and easy to see updated results based on recent fixes or code changes. This is a great way to ensure code has been analyzed and fixed before submitting to a build or source control.

  • Results are automatically synchronized with a CodeSonar Hub, enabling the development team to manage results in a coordinated way.

CodeSonar Plugin for Eclipse

Developers can use CodeSonar’s Eclipse plug-in to run a CodeSonar analysis from within Eclipse, allowing them to examine their code on the desktop and fix issues before check-in. CodeSonar’s warnings for C/C++ and Java code are now viewable within Eclipse.

Book An Evaluation

GrammaTech provides a no-cost evaluation of CodeSonar on your own code so you can start to see the benefits from the first scan.

System Requirements

Host: Windows, Linux, MacOS, Solaris, FreeBSD, NetBSD
Hardware: 2+ Cores, 2+GB of RAM, 15+GB of disk
Compilers: Supports most popular and embedded compilers
Languages: C/C++, Java, C#, Binaries
Output: SARIF, XML, CSV, PDF, HTML
Supported Compilers: Apple Xcode, ARM RealView, CodeWarrior, Clang, FreeBSD, GCC, G++, Green Hills, HI-TECH, IAR, Intel C/C++, MacOS, Microsoft Visual Studio, Renesas, Sun C/C++, Texas Instruments CodeComposer, Wind River, Most other compilers easily supported

Contact us to learn more about our integrations.
