Just Released: CodeSonar 5.3.


What is CodeSonar Static Analysis?

Product Overview

CodeSonar empowers teams to quickly analyze and validate source and binary code, identifying serious vulnerabilities that could lead to system failures, poor reliability, system breaches, or unsafe conditions.

CodeSonar finds more significant defects than other tools with a suite of comprehensive checkers that incorporate innovations in concurrency analysis and tainted dataflow analysis.

CodeSonar has been proven to provide the deepest static analysis, finding more critical defects than other static analysis tools on the market. CodeSonar has performed best on several static analysis tool benchmarks, most notably at finding bugs in the use of static memory, resource mismanagement, and concurrency defects.

By analyzing both source code and binaries, CodeSonar lets teams analyze complete applications, so you can take control of your software supply chain and eliminate the most costly and hard-to-find defects early in the SDLC.

CodeSonar extends team scalability, improves quality, and instills confidence.


Enjoy the Benefits of the Deepest Static Analysis

Employ Sophisticated Algorithms

CodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program.

Comply with Coding Standards

CodeSonar supports compliance with standards like MISRA C:2012, ISO 26262, DO-178B/C, JPL, Power of 10, or ISO/IEC TS 17961. CodeSonar's warning classes also support several coding initiatives, including MITRE's CWE, to make compliance with industry standards efficient and effective during software development.

Analyze Millions of Lines of Code

CodeSonar can perform whole-program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar’s incremental analysis capability makes it fast to analyze daily changes to your codebase. The analysis can run in parallel to take best advantage of multi-core environments.

Analyze Third-Party Code

CodeSonar’s Integrated Binary Analysis finds security vulnerabilities from libraries or other third-party code without access to source code.

Improve Your Efficiency

Collaborate with Teams

Automation features enable large teams to work together in a coordinated way. For example, it’s easy to manage warnings across different project versions or development branches.

View Quality Trends

Many types of data can be graphed on many different scales, displaying data that helps you manage development and testing efforts.

Software Architecture Visualization

Visualizing your code makes it easy to uncover and understand relationships between different elements. Visual Taint Analysis allows you to quickly spot the source of potentially dangerous information flows.

Reduce the Cost of Development

Identifying and eliminating defects throughout the development cycle will help you ship on time without business risks and liabilities.

Customize Your Analysis

Custom Checks

New checks can be created easily with a comprehensive CodeSonar API available in C++, Python, and C. Many built-in checks can be configured according to local requirements.

Custom Metrics

Out of the box, CodeSonar can compute many different code metrics. You can also use the API to define custom metrics.



Key Features:

Supported Languages:

  • C
  • C++
  • C#
  • Java
  • Binaries: Intel x86 and x64, and ARM 32-bit

Supported Platforms:

  • Windows
  • Linux
  • FreeBSD
  • NetBSD
  • MacOS

Supported Compilers:

  • Apple Xcode
  • ARM RealView
  • CodeWarrior
  • Clang
  • FreeBSD
  • GCC
  • G++
  • Green Hills
  • IAR
  • Intel C/C++
  • MacOS
  • Microsoft Visual Studio
  • Renesas
  • Sun C/C++
  • Texas Instruments CodeComposer
  • Wind River
  • Most other compilers easily supported

Analyze Complete Systems

Analyze 3rd-party libraries, drivers, and middleware using CodeSonar’s Mixed-Mode.

Gain Powerful Insights

Understand large systems through CodeSonar's code visualization.

Perform SAST

Use CodeSonar for comprehensive static application security testing.

Remediate Defects

Find and fix software defects that cause system crashes and security breaches.



More bugs found. More lives saved. More hacks prevented.
