GrammaTech Provides Static Application Security Testing (SAST) for DoD Platform One


Containerized, Hardened Version of CodeSonar Product is Available in DoD-approved Iron Bank DevSecOps Tools Repository


BETHESDA, Md., April 15, 2021 — GrammaTech, a leading provider of application security testing products and software research services, today announced that its CodeSonar SAST product has been accepted into the U.S. Department of Defense’s (DoD) “Iron Bank” repository and is now available through the U.S. Air Force Platform One application portal. GrammaTech CodeSonar is accessible to all DoD agencies in the form of a digitally signed, hardened binary container image for integration into DevSecOps pipelines.

“The modern battlefield requires secure software from endpoints such as radios, missiles, airplanes and tanks all the way through the network to the Command and Control (C2) of decision makers, wherever that may be. The DoD needs best-in-class solutions and processes to build and deploy this software,” said Nicolas Chaillan, Chief Software Officer, U.S. Air Force and Co-Lead for the DoD Enterprise DevSecOps Initiative. “GrammaTech CodeSonar has been a great solution to have within the Department of Defense. Having CodeSonar as a hardened container available in Iron Bank and Platform One will be invaluable in accelerating the shift to DevSecOps DoD-wide.”

Platform One provides valuable tooling, hosts CI/CD DevSecOps pipelines, and offers a secure Kubernetes platform for hosting microservices. Authorization to go live with new applications can be achieved faster than ever by using Iron Bank hardened containers and Platform One pipeline security tools. The resulting Certificate to Field (CtF) and Continuous Authority to Operate (Continuous ATO) provide developers the ability to push validated code into production on an ongoing basis. This results in shorter development cycles, less debugging, and more rapid feature development.

“GrammaTech has a long history of conducting software security research and providing security testing products for the DoD as well as other civil, defense, and intelligence agencies,” said Mike Dager, CEO of GrammaTech. “The addition of CodeSonar to Platform One provides DoD developers with a certified, powerful and automated solution that integrates seamlessly with their workflows to quickly find and remediate vulnerabilities in code before software is released.”

The CodeSonar platform was designed to implement security early and throughout the software development life cycle, without compromising innovation and time-to-market. CodeSonar integrates easily with toolchains, methodologies and processes, allowing organizations to develop and release high-quality, secure software that is free from harmful defects and exploitable weaknesses that can cause system failures and security breaches.


CodeSonar is available immediately in Iron Bank and Platform One.

About GrammaTech

GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security-conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda, MD, with a Research and Development Center in Ithaca, NY. Visit us at, and follow us on LinkedIn and Twitter.

CodeSonar® is a registered trademark of GrammaTech, Inc.
