Product Overview of CodeSonar
What CodeSonar Does
CodeSonar, developed by GrammaTech, is a robust static application security testing (SAST) tool designed to identify and address critical defects, security vulnerabilities, and compliance issues in software code. It is particularly tailored for environments where software quality, safety, and security are paramount.
Key Features and Functionality
Depth of Analysis
CodeSonar stands out for its deep code analysis capabilities, including control flow and data flow analysis. This allows it to detect errors that other static code analysis tools may miss, such as those affecting multiple functions across different files. It provides detailed information on the sequence of function calls and the specific statements and conditions where errors occur.
Scalability and Performance
CodeSonar is highly scalable and can perform incremental analysis, making it efficient for daily code changes. It leverages multi-core environments to run analyses in parallel, ensuring fast and comprehensive coverage without requiring any changes to the existing build system or source code.
Functional Safety and Compliance
The tool offers enhanced support for various safety and security standards, including MISRA C/C , AUTOSAR C 14, IEC 61508, ISO 26262, and CENELEC EN 50128. This makes it an ideal choice for developing software that must adhere to stringent safety and security regulations.
Advanced Parsing and Visualization
CodeSonar has improved support for C 20 and compatibility with non-standard C language dialects understood by modern compilers like Clang and GCC. The HTML5 visualization tool provides a clear and interactive way to understand code relationships and defect paths, along with a search feature for easier navigation.
Tainted Data Tracking
The tool includes advanced tainted data tracking capabilities, especially for structs and classes, which helps in identifying potential security vulnerabilities more accurately.
Custom Checks and Integrations
CodeSonar allows users to create custom checks using its C API, and it integrates seamlessly with other development tools and workflows. This includes integrations with DevSecOps pipelines, enabling security to be a critical part of the development process without disrupting existing workflows.
Usability and Configuration
The latest versions of CodeSonar offer significant usability improvements, including pre-set configurations that can be selected at install time, reducing the need for manual configuration at analysis time. The tool also supports various operating systems, such as Android and NetBSD 8.
Code Metrics and Defect Trends
In addition to identifying critical defects, CodeSonar provides code-level metrics and displays defect trends through graphs. This helps in managing development and testing efforts more effectively.
Overall, CodeSonar is a powerful and versatile tool that enhances software quality, security, and compliance by performing deep and comprehensive static code analysis, making it a valuable asset for any development team.