
CodeSonar SAST Microsoft Visual Studio Integration

SAST when Safety and Security Matter

CodeSonar SAST. Direct to Your Desktop


GrammaTech provides SAST and SCA security testing products. Our SAST product, CodeSonar, is the favorite when code safety and security are important. CodeSonar integrates with the most popular Integrated Development Environments (IDEs) on the market, such as Microsoft Visual Studio. These integrations shift security and quality improvement left by bringing the power of SAST and advanced static analysis directly to the developer. Finding and fixing software weaknesses as the code is developed greatly reduces the downstream costs of these vulnerabilities.

CodeSonar integration with Visual Studio provides the following capabilities:

  • Menu and toolbar for quick access to the CodeSonar features in Visual Studio.
  • View warnings in the editor as you would any other error or warning. These warnings are displayed in the code view and in the warning panels, typically below the code view. Clicking on a warning in any location opens a new panel that provides more details on the warning plus access to additional CodeSonar features such as setting priority and state information.
  • Show the warning path with the events that lead to the warning. The trace of the warning is navigable within the CodeSonar panel and back to the code view. This greatly simplifies the analysis to determine the veracity of the warning.
  • Perform permanent assessments on the warnings once the priority and accuracy of the warning have been determined. Any settings given to the warnings are persistent in the CodeSonar database in the same manner as the web UI.
  • List active warnings to perform further investigation on project-wide analysis. It’s then possible to open the web UI for CodeSonar to perform required actions as needed.
  • Kick off builds and new analyses within the IDE to make it quick and easy to see updated results based on recent fixes or code changes. This is a great way to ensure code has been analyzed and fixed before submitting to a build or source control.
  • Results are automatically synchronized with a CodeSonar Hub, enabling the development team to manage results in a coordinated way.

 

CodeSonar Integration with Microsoft Visual Studio

The key to integrating static analysis into any IDE is to follow the platform's conventions for error and warning reporting. In this case, CodeSonar reports static analysis warnings in the same manner as the compiler does within Visual Studio, but marked with a small GrammaTech logo.

Menu and toolbar integration allows for quick access to the CodeSonar features in Visual Studio. Warnings are viewed in the editor as you would any other error or warning. Clicking on a warning in any location opens a new panel that provides more details on the warning plus access to other features of CodeSonar.

Book An Evaluation

GrammaTech provides a no-cost evaluation of CodeSonar on your own code so you can start to see the benefits from the first scan.

System Requirements

Host: Windows, Linux, MacOS, Solaris, FreeBSD, NetBSD
Hardware: 2+ Cores, 2+GB of RAM, 15+GB of disk
Compilers: Supports most popular and embedded compilers
Languages: C/C++, Java, C#, Binaries
Output: SARIF, XML, CSV, PDF, HTML
Supported Compilers: Apple Xcode, ARM RealView, CodeWarrior, Clang, FreeBSD, GCC, G++, Green Hills, HI-TECH, IAR, Intel C/C++, MacOS, Microsoft Visual Studio, Renesas, Sun C/C++, Texas Instruments CodeComposer, Wind River. Most other compilers are easily supported.

Contact us to learn more about our integrations.
