GrammaTech CodeSonar

CodeSonar C#

CodeSonar Java

CodeSonar for Binaries

CodeSentry Datasheet

CodeSentry Binary Software Composition Analysis

Case Studies

Micrel Medical

When it came time to choose a static analysis tool, Micrel chose CodeSonar, impressed by CodeSonar's accuracy and quality of defect identification compared to the competition.

Crank Software

To enhance quality and security, Crank's teams are now using CodeSonar to more efficiently find and fix quality and security issues within their code.

Sypris Electronics

Extensibility was a key reason Sypris adopted CodeSonar – it can easily be configured or customized to enforce specific or unusual coding policies required.

NASA

To boost the reliability of the Curiosity Mars rover, NASA used advanced static analysis from GrammaTech.

FDA

The FDA recommends the use of static analysis tools to help manufacturers eliminate software defects during development. The FDA itself also uses CodeSonar to test medical devices.

Boston Scientific

One of the world's largest medical device companies, Boston Scientific thought no automated tool provided the checks they needed until they started working with CodeSonar.

Bay Computer Associates

Bay Computer adopted CodeSonar because it could be configured easily to fit the company's workflow and had a strong reputation in the medical device industry.

Vivante

Vivante's integration of CodeSonar into their test and QA process help them maintain the highest standard of quality while maximizing developer efficiency to solve code problems.

Critical Link

Critical Link uses CodeSonar for the automated static analysis component of their company-wide quality control processes.

Harvard Apparatus

Harvard adopted CodeSonar after finding that it found more real issues than other automated tools and returned information in a way that made it easy to locate and fix problems.

NASA

CodeSonar is used to improve software quality for human spaceflight, space science, and earth science missions that depend on NASA's satellite telecommunications network.

Allworx

Allworx uses CodeSonar to improve system reliability and stability in VoIP phone systems.

Viveris

Viveris uses GrammaTech CodeSonar to dramatically improve the ef ciency of software developers working on customers projects, while delivering higher security from the early start of the Software Development Lifecycle.

LACROIX Sofrel

LACROIX SOFREL specializes in the design and construction of telemetry and SCADA (supervisory control and data acquisition) products for district metering and leak detection on water supply networks.

Telit

Telit has integrated CodeSonar into their software development processes, which include build and integration work ows using Gerrit, Jenkins and Git.

Stoneridge

Stoneridge has integrated CodeSonar® into two core software development areas – MirrorEye® and instrument clusters.

Piper Networks

In looking for a SAST vendor, Piper needed a tool that could keep their codebase clean and manage the latest developments in safety.

Whitepapers

The Role of Static Analysis in Management of Cybersecurity in Medical Devices

This paper describes how static analysis plays a key role in risk management of medical device software development.

Making Safety-Critical Software Development Affordable with Static Analysis

With the growing reliance on software, the code size for safety-critical software has skyrocketed. This paper describes how to use static analysis tools to tackle the growing software affordability concern.

Addressing IoT's Impact on Software Engineering

This paper discusses IoT development best practices and will help you understand how CodeSonar can help protect your company from IoT security risks.

Measuring the Value of Static Analysis Tool Deployments

This paper presents a model for computing the value of using a static analysis tool. Using inputs such as engineering effort, the cost of an exploited security vulnerability, and some easily-measured tool properties, the model allows users to make rational decisions about how best to deploy static analysis.

Reduce Automotive Software Failures with Static Analysis

This paper describes how to produce reliable safety-critical automotive software, using static analysis to find important defects that are missed during other V&V activities.

A Four-Step Guide to Security Assurance for IoT Devices

How do device software processes evolve to better protect our next-generation IoT devices? This paper describes a four-step plan that includes next-generation software assurance and a "security-first" methodology.

Protecting Against Tainted Data in Embedded Applications with Static Analysis

This paper describes how a static analysis technique called taint analysis can be used to find how potentially hazardous inputs can flow through a program to reach sensitive parts of code, empowering developers to identify and eliminate these dangerous vulnerabilities effectively.

Eliminating Vulnerabilities in Third-Party Code with Binary Analysis

This paper describes how to use binary analysis to inspect your third-party code for security vulnerabilities and other errors.

How Static Analysis Protects Critical Infrastructure from Cyber Threats

This paper will help developers of embedded and IoT systems learn how to build-in security and safeguards that are resistant to human error, natural disaster, and cyber attacks.

Finding Concurrency Errors with GrammaTech Static Analysis

This paper describes some common concurrency pitfalls and explains how static analysis with CodeSonar can help find such defects without executing the program.

Machine Learning for Finding Programming Defects and Anomalies

This paper describes how the machine learning technique works and shows how it was able to find several previously unknown bugs in high-profile software systems with high precision (i.e., few false positives).

How to Avoid Common Pitfalls in MISRA Compliance

This whitepaper describes how to use the MISRA C:2012 standard to reduce the risks of the C programming language by prohibiting the more unsafe practices used in programming with it.

Embedded Software Design: Best Practices for Static Analysis Tools

This paper reviews a number of growing complexities that embedded software development teams are facing, including the proliferation of third-party code, increased pressures to develop secure code, and the challenges of multi-threaded applications.

Prevent Cybercrime and Insider Attacks in Your Company with Static Analysis

In this report, GrammaTech explains how cybercrime inside a company works and shares examples of potential backdoors.

Detecting Domain-Specific Coding Errors with Static Analysis

This paper describes how custom domain-specific checkers can be used to improve software quality in complex embedded systems.

Advanced Static Analysis for C++

Early generation and free static analysis tools are now primitive, as advanced tools like CodeSonar vastly outperform them. This paper describes the key differences.

Advanced Driver Assistance Systems (ADAS), Safety, and Static Analysis

This paper discusses the role of static analysis tools within the development of an ADAS system, including the return on investment (ROI) for adopting them.

New Approaches Needed for Medical Device Software Development

This paper discusses how to manage the evolving software supply chain risks in patient-critical systems, an increasingly critical part of medical device software development.

Software Forensics

This paper discusses how static analysis is an important tool in software forensics, and how hybrid source and binary code analysis can be applied and the advantages to investigation efficiency.

Accelerating Software Safety with MISRA and Static Analysis

This paper discusses how advanced static analysis tools are desirable in the complex software development process in order to reduce risk, costs, and time to market.

Simplifying DO-178B/C Certification with GrammaTech's CodeSonar

This paper describes how GrammaTech’s CodeSonar® can be used to support an organization’s DO-178B activities.

Bug Injector: Generation of Cyber-Defense Evaluation Benchmarks

Computational systems are increasingly ubiquitous, networked, and subject to attack. The rise of cyber-attacks has spurred research and development of cyber- defensive tools. This report details Bug Injector, which automates benchmark construction, and will permit more thorough and customized evaluation of commercial products and research results at a lower cost.

Enhancing Code Reviews with Static Analysis

This paper discusses how static analysis tools provide an ideal (and automated) companion to code reviews by supporting the process and increasing the defect removal rate.

Static Analysis and Railway Safety-Critical Software

This paper discusses safety-critical software affordability and how static analysis tools like GrammaTech’s CodeSonar increase developer productivity and satisfy various IEC 61508 and IEC 62443 requirements.

Integrating Static Application Security Tools (SAST) in DevSecOps

This paper takes a look at the role of static application security testing tools (SAST) and in particular GrammaTech CodeSonar and how it can be used in DevSecOps and continuous development pipelines to improve quality and security and ultimately, make teams more competitive in getting market leading solutions out the door quicker.

Using Static Analysis for Overlapping Safety and Security Requirements for Medical Devices

Software and embedded systems used in medical devices are subject to strict and varied regulations. New medical device regulation will not make the overall situation clearer. This white paper discusses achieving compliance with the use of static code analysis while improving productivity and reducing compliance effort.

Easing the Adoption of Static Analysis into Existing Projects

The adoption of any new tool into an existing Software Development Process with an established code base is always a challenge. This paper is aimed at reducing the initial shock and help the development team to improve quality and security efficiently.

DevSecOps in Safety Critical Avionics Software and the Role of Static Analysis

This paper explores how static application security testing tools (SAST) and in particular GrammaTech CodeSonar can be used in DevSecOps for safety critical avionics.

Designing Security into Medical Device Software

With the recent increased connectivity of devices, security researchers have found security lacking in medical devices, with one recent example finding over 1400 security vulnerabilities in a commonly-used infusion pump. This paper discusses how to refocus medical device development to include security as a key factor, in addition to safety.

A Practical Approach to DevSecOps

This paper is aimed at helping to understand how the transition to DevSecOps need not be traumatic and that a cautious approach that leverages state of the art tools and techniques can be helpful - a practical approach to DevSecOps.

DevSecOps in DOD Mission Critical Software and the Role of SAST and SCA

Videos

Narrow-Solution Static Analysis Tools vs. CodeSonar

Static analysis tools range widely in scope.

An Interview with GrammaTech's David Hauck

David Hauck discusses cyber security and the immense impact of the Internet of Things (IoT).

Team TECHx: DARPA's Cyber Grand Challenge

Take an insider's look into our team as they prepared for the competition.

Software Assurance and Software Hardening

Source code analysis, binary code analysis, tainted data analysis, sophisticated multicore analyses, and more.

Five Minutes with GrammaTech CEO, Tim Teitelbaum

Embedded Computing Design interviews Teitelbaum about participation in DARPA's Cyber Grand Challenge.

What is Autonomic Computing?

Autonomic computer systems can detect, assess, and recover from cyber-attacks, all without human intervention or insight.

How Does CodeSonar Find More Real Bugs?

GrammaTech VP of Engineering Paul Anderson discusses CodeSonar's advanced static analysis engine.

Performing a Security Audit with CodeSonar

In this tutorial, we describe how to approach security auditing, using CodeSonar.

Don't leave your device software open to failure

Learn about GrammaTech's advanced technologies, services, and software-assurance solutions on the cutting edge of IoT.

CodeSonar for Binaries

Now you can find vulnerabilities in software even if you don't have access to the source code.

CodeSonar for Java

Software Engineer John Von Seggern demonstrates some of the capabilities of GrammaTech's Java analysis, within CodeSonar®'s advanced user interface.

Software Visualization

Software Visualization Engineer Travis Hidlay demonstrates some of the new features of CodeSonar®'s software visualization technology.

CodeSonar Overview

CodeSonar® is a sophisticated static analysis tool for C, C++, and Java source code, that detects bugs in safety-critical code that other source code analysis tools miss.

CodeSonar Binary Analysis: Library demonstration

In this demonstration GrammaTech CodeSonar binary analysis is used to analyze an external library used in a project.

Protect Your Software Supply Chain

In the increasingly fast-paced world of software development, leveraging third-party code can be a powerful shortcut. But are you taking into account the added risks?

GrammaTech CodeSonar

CodeSonar® is a sophisticated static analysis tool for source code and binary code, that detects bugs and security vulnerabilities that other static analysis tools miss.

Tainted Data Analysis in CodeSonar

What is tainted data analysis? How can you leverage taint analysis to find anomalous or unstructured data that can be used by attackers to gain access or crash an application?

Our Experience in DARPA's Cyber Grand Challenge

Dr. David Melski, our VP of Research and PI for DARPA's CGC, gives a lecture to students at Cornell University about building bot Xandra that competed as Team TECHx in DARPA's Cyber Grand Challenge.

CodeSonar’s Visual Tainted Data Analysis

CodeSonar's tainted dataflow analysis allows you to explore potentially dangerous data flows in a clear, visual way.