
CodeSonar SAST IDE Integrations

SAST when Safety and Security Matter

CodeSonar SAST. Direct to Your Desktop


GrammaTech provides SAST and SCA security testing products. Our SAST product, CodeSonar, is the favorite when code safety and security are important. CodeSonar integrates with the most popular Integrated Development Environments (IDEs) on the market, including Microsoft Visual Studio Code. These integrations shift security and quality improvement left by bringing the power of SAST and advanced static analysis directly to the developer. Finding and fixing software weaknesses as the code is written greatly reduces the downstream cost of these vulnerabilities.

The CodeSonar integration with VS Code provides the following capabilities:

  • Import warnings using the open, standardized SARIF format. CodeSonar exports its code warnings as SARIF, which Visual Studio Code can import.
  • View warnings in the editor as you would any other error or warning. They are displayed in the code view and in the warning panel, typically below the code view. Clicking a warning in the warning panel navigates to the line of code where it occurs and displays the CodeSonar annotations that help you examine it.
  • Show the warning path with the events that lead to the warning. The trace is navigable within the SARIF Explorer panel, which greatly simplifies determining whether the warning is a true positive.

CodeSonar Integration with Microsoft Visual Studio Code

CodeSonar has a lightweight yet highly functional interface with VS Code that uses SARIF as the exchange format. CodeSonar exports its code warnings as SARIF, which is then imported into Visual Studio Code. From that point developers can view static analysis warnings in the Problems pane and investigate them the same way they would compiler warnings. The root cause of a warning is determined by reviewing the CodeSonar annotations. It is also possible to explore results in the SARIF Explorer to get a broader picture of where problems reside in the code.
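To make the SARIF exchange concrete, here is an added example (not GrammaTech's or CodeSonar's code) that reads a constructed SARIF 2.1.0 log and extracts the two things the editor integration described above relies on: the file and line of each result, for the Problems pane, and the ordered `codeFlows` events that make up the warning path. The tool name, rule id, file paths and messages in the sample log are invented for this example; the field names follow the SARIF 2.1.0 schema.

```python
import json

# Constructed SARIF 2.1.0 log standing in for a SAST export. The tool name,
# rule id, file paths and messages are invented for this example.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ExampleSAST", "rules": [
            {"id": "NULL_DEREF",
             "shortDescription": {"text": "Null pointer dereference"}}]}},
        "results": [{
            "ruleId": "NULL_DEREF",
            "level": "error",
            "message": {"text": "Pointer 'p' may be NULL when dereferenced."},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/parse.c"},
                "region": {"startLine": 42, "startColumn": 5}}}],
            # The warning path: one threadFlow whose locations are the events
            # an analyst steps through to judge the warning.
            "codeFlows": [{"threadFlows": [{"locations": [
                {"location": {
                    "physicalLocation": {"artifactLocation": {"uri": "src/parse.c"},
                                         "region": {"startLine": 37}},
                    "message": {"text": "p is assigned the result of lookup(), which can return NULL"}}},
                {"location": {
                    "physicalLocation": {"artifactLocation": {"uri": "src/parse.c"},
                                         "region": {"startLine": 40}},
                    "message": {"text": "no NULL check on p along this branch"}}},
                {"location": {
                    "physicalLocation": {"artifactLocation": {"uri": "src/parse.c"},
                                         "region": {"startLine": 42}},
                    "message": {"text": "p is dereferenced here"}}},
            ]}]}],
        }],
    }],
})


def _where(location):
    """Return (uri, line) from a SARIF location object; missing parts become None."""
    phys = location.get("physicalLocation", {})
    uri = phys.get("artifactLocation", {}).get("uri")
    line = phys.get("region", {}).get("startLine")
    return uri, line


def load_warnings(sarif_text):
    """Parse a SARIF 2.1.0 document into a list of warning dicts.

    Each dict carries what an editor needs for its problems pane (rule, level,
    message, file, line) plus 'path': the ordered code-flow events.
    """
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 document")
    warnings = []
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "<no rule>")
            locs = result.get("locations") or [{}]
            uri, line = _where(locs[0])
            # Fall back to the rule's short description when a result has no message.
            text = result.get("message", {}).get("text")
            if not text:
                text = rules.get(rule_id, {}).get("shortDescription", {}).get("text", "")
            path = []
            for flow in result.get("codeFlows", []):
                for tflow in flow.get("threadFlows", []):
                    for step in tflow.get("locations", []):
                        loc = step.get("location", {})
                        s_uri, s_line = _where(loc)
                        path.append((s_uri, s_line, loc.get("message", {}).get("text", "")))
            warnings.append({"tool": driver.get("name", ""), "rule": rule_id,
                             "level": result.get("level", "warning"),
                             "message": text, "uri": uri, "line": line, "path": path})
    return warnings


def format_problem(w):
    """One line in the style of a compiler diagnostic, as a problems pane would show it."""
    return f"{w['uri']}:{w['line']}: {w['level']} [{w['rule']}] {w['message']}"


def format_path(w):
    """Numbered trace of the events leading to the warning."""
    return [f"{i}. {uri}:{line}  {msg}" for i, (uri, line, msg) in enumerate(w["path"], 1)]


if __name__ == "__main__":
    for w in load_warnings(SAMPLE_SARIF):
        print(format_problem(w))
        for step in format_path(w):
            print("   " + step)
```

The parser tolerates results with no `locations` or no `message` (falling back to the rule's short description), since both are optional in the standard; real exports may also reference rules by `ruleIndex` instead of `ruleId`, which this example does not handle.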

Book An Evaluation

GrammaTech provides a no-cost evaluation of CodeSonar on your own code so you can see the benefits from the first scan.

System Requirements

Host: Windows, Linux, MacOS, Solaris, FreeBSD, NetBSD
Hardware: 2+ cores, 2+ GB of RAM, 15+ GB of disk
Compilers: Supports most popular and embedded compilers
Languages: C/C++, Java, C#, Binaries
Output: SARIF, XML, CSV, PDF, HTML
Supported Compilers: Apple Xcode, ARM RealView, CodeWarrior, Clang, FreeBSD, GCC, G++, Green Hills, HI-TECH, IAR, Intel C/C++, MacOS, Microsoft Visual Studio, Renesas, Sun C/C++, Texas Instruments Code Composer, Wind River; most other compilers are easily supported

Contact us to learn more about our integrations.

Contact GrammaTech