GrammaTech Static Application Security Testing (SAST) Platform Extends DevSecOps to Embedded Software Development

CodeSonar Provides Native Integration with GitHub Actions and Helps Enforce Industry-Specific Security and Safety Standards


BETHESDA, Md., Aug. 18, 2021 — GrammaTech, a leading provider of application security testing products and software research services, today announced the latest version of CodeSonar, which automates the detection of coding defects to accelerate the adoption of DevSecOps methodologies in embedded software development pipelines. CodeSonar now supports all leading development languages (C, C++, C# and Java) in one unified platform and integrates with GitHub Actions to provide native static application security testing (SAST) capabilities for embedded code. The new version also includes built-in industry-specific reports for security (CERT, OWASP) and safety (AUTOSAR, MISRA and more).

Comprehensive DevSecOps for Embedded Applications

Embedded software supports critical functions in industrial, automotive, aerospace, military and defense systems where failure is not an option. Ensuring the quality, security and safety of these systems begins with software development. CodeSonar provides transparent SAST capabilities that integrate with existing CI/CD pipelines, such as GitLab, Jenkins and GitHub, to automate the detection and remediation of coding defects throughout the software development lifecycle.

Iris ID, a leading developer and driver of the commercialization and adoption of iris technology, is using CodeSonar to support DevSecOps for a global team of developers to continuously ensure security and improve quality. “With CodeSonar, our developers can look at the code together, discuss the issues and understand why they were found so they can be quickly fixed,” said Jun Hong, Chief Technology Officer for Iris ID. “It has enabled us to make secure coding fundamental to the delivery of our products.”

In addition to existing integrations with Jenkins and GitLab, CodeSonar now integrates with GitHub Actions to provide developers a seamless DevSecOps experience. CodeSonar delivers SAST results directly into the GitHub code scanning UI, enabling development teams to shift left without disruption to their software development life cycle.

CodeSonar integration with GitHub Actions provides the developer community with additional options for adding SAST analysis directly into development workflows and pipelines. By specializing in SAST for embedded software development, CodeSonar enables developers using GitHub to focus on industry specific coding standards where security and functional safety are essential.

The new version of CodeSonar provides the following capabilities and benefits:

• Industry-leading language support in a single platform for C, C++, C# and Java that eliminates the need for multiple tools and provides a familiar user experience across all CI/CD pipelines
• Support for security standards maps CERT and OWASP rules for C#, C/C++ and Java to CodeSonar warning classes to automate the detection of common coding errors
• Built-in, industry-specific reports identify safety defects for automotive, aviation, government and other sectors and include AUTOSAR C++, Build-Security-In (BSI), Jet Propulsion Lab (JPL), MISRA C/C++, and NASA Power of 10
• Support for the ODBC library automates the detection of resource leaks, null pointer dereferences, unreachable code, etc.
• Variable naming checker for C++ enforces coding style standards to improve code readability and reduce errors


“Embedded application development teams in the same organization often use different languages depending on the product they are working on, and in most industries must comply with specific safety and security standards,” said Vince Arneja, Chief Product Officer for GrammaTech. “CodeSonar now provides comprehensive language support as well as standards compliance tools in one unified platform that is both automated and transparent for end users. With integrations to CI/CD solutions like GitHub Actions, we make it easy for development teams to accelerate the adoption of DevSecOps.”

Availability and Upcoming Webinar

GrammaTech CodeSonar 6.1 is available immediately from GrammaTech and its business partners worldwide. To learn more about CodeSonar, register here and join the GrammaTech webinar, “DevSecOps for Embedded Software Development” on August 25th at 12:00PM ET.

About GrammaTech

GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security-conscious organizations to detect, measure, analyze and resolve vulnerabilities in software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda, MD, a Research and Development Center in Ithaca, NY, and publishes Shift Left Academy, an educational resource for software developers. Visit us at, and follow us on LinkedIn and Twitter.

CodeSonar® and CodeSentry® are registered trademarks of GrammaTech, Inc.
