What is CodeSonar Static Analysis?

Product Overview

CodeSonar empowers teams to quickly analyze and validate the code – source and/or binary – identifying serious vulnerabilities or bugs that cause system failures, poor reliability, system breaches, or unsafe conditions.

CodeSonar finds more significant defects than other tools, through our innovations in concurrency analysis, tainted dataflow analysis, and comprehensive checkers.

CodeSonar, GrammaTech's flagship static analysis SAST tool, identifies bugs that can result in system crashes, unexpected behavior, and security breaches for a more secure Software Development Life Cycle (SDLC).

CodeSonar has been proven to provide the deepest static analysis, finding more critical defects than other static analysis tools on the market. CodeSonar has performed best on several static analysis tool benchmarks in finding static memory, resource management, concurrency, and other defects.

By analyzing both source code and binaries, CodeSonar lets teams analyze complete applications, so you can take control of your software supply chain and eliminate the most costly and hard-to-find defects early in the SDLC.

CodeSonar extends team scalability, improves quality, and instills confidence.

Enjoy the Benefits of the Deepest Static Analysis

Employ Sophisticated Algorithms

CodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program. The approach does not rely on pattern matching or similar approximations. CodeSonar’s deeper analysis naturally finds defects with new or unusual patterns.

Comply with Coding Standards

CodeSonar supports compliance with standards like MISRA C:2012, ISO-26262, DO-178B/C, US-CERT’s Build Security In, and MITRE’s CWE.

Analyze Millions of Lines of Code

CodeSonar can perform a whole-program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar’s incremental analysis capability makes it fast to analyze daily changes to your codebase. The analysis can run in parallel to take best advantage of multi-core environments.

Analyze Third-Party Code

CodeSonar’s Integrated Binary Analysis finds security vulnerabilities from libraries or other third-party code without access to source code.

Improve Your Efficiency

Collaborate with Teams

Automation features enable large teams to work together in a coordinated way. For example, it’s easy to manage warnings across different project versions or development branches. A Python API supports customization & integration with other tools.

View Quality Trends

Graphs display data to help you manage development and testing efforts.

Software Architecture Visualization

Visualizing your code makes it easy to uncover and understand relationships between different elements in the code. Visual Taint Analysis allows you to quickly spot the source of potentially dangerous information flows.

Reduce the Cost of Development

Identifying and eliminating defects throughout the development cycle will help you ship on-time without business risks and liabilities.

Customize Your Analysis

Custom Checks

New checks can be created easily with the included C API. Many built-in checks can be configured according to local requirements.

Custom Metrics

Out of the box, CodeSonar can compute N different code metrics. You can also use the API to define custom metrics.


Key Features:

Supported Languages:

Supported Platforms:

  • Windows
  • Linux
  • FreeBSD
  • NetBSD
  • MacOS

Supported Compilers:

  • Apple Xcode
  • ARM RealView
  • CodeWarrior
  • FreeBSD
  • GCC
  • G++
  • Green Hills
  • IAR
  • Intel C/C++
  • MacOS
  • Microsoft Visual Studio
  • Renesas
  • Sun C/C++
  • Texas Instruments CodeComposer
  • Wind River
  • Most other compilers easily supported

Analyze Complete Systems

Analyze 3rd-party libraries, drivers, and middleware using CodeSonar’s Mixed-Mode.

Gain Powerful Insights

Understand large systems through CodeSonar's code visualization.

Perform SAST

Use CodeSonar for comprehensive static application security testing.

Remediate Defects

Find and fix software defects that cause system crashes and security breaches.


More bugs found. More lives saved. More hacks prevented.
