CodeSonar is CodeSecure's flagship static analysis software. It is specifically designed for zero-tolerance defect environments. With its advanced static analysis engine, CodeSonar is one of the most effective tools for eliminating the most costly and hard-to-find software defects early in the application development lifecycle. Compared with other tools, CodeSonar identifies twice as many defects that result in system crashes, leaks, data races, memory corruption and security vulnerabilities.
Pinpoints the Critical Problems
CodeSonar identifies problems that developers care about finding, like data races, deadlock, buffer overruns, leaks, null pointer dereferences, and uninitialized variables.
Designed for High Assurance
CodeSonar is built for analyzing mission-critical applications, where reliability and security are paramount.
Improves Security
CodeSonar finds vulnerabilities and supports security-related standards like US-CERT's Build Security In and MITRE's CWE.
Supports Custom Checks
New checks can be created easily with the included C API.
Analyzes Millions of Lines of Code
CodeSonar can perform a whole-program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar's incremental analysis capability makes it fast to analyze daily changes to a codebase. The analysis can run in parallel to take advantage of multi-core environments.
Employs Sophisticated Algorithms
CodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program. The approach does not rely on pattern matching or similar approximations. CodeSonar's more general analysis naturally finds defects with new or unusual patterns.
Works Out of the Box
No changes to the source code or existing build system are required.
Shows Code-Level Metrics
CodeSonar is focused on finding critical defects, but it also provides code metrics. You can even define custom metrics.
Shows Defect Trends
Graphs display data to help you manage development and testing efforts.
Provides Architecture Visualization
Smooth and scalable architecture visualization features make it easy to understand relationships between different elements in the code.
CodeSonar - Static Application Security Testing
MISRA
AUTOSAR
ISO 26262
IEC 62304
CWE
CERT
DISA-STIG
IEC 61508
EN 50128
ISO/IEC TS 17961
JSF++
OWASP
IEC 62443
DO-178C
DO-330
ISO 13485
Power of Ten
JPL
Some of the checks:
Data Race
Deadlock
Buffer Overrun
Null-Pointer Dereference
Divide by Zero
Uninitialized Variable
Free Non-Heap Variable
Use After Free
Double Free/Close
Format String Vulnerability
Unreachable Code
Resource Leak
Return Pointer to Local
Dangerous Function Cast
Misuse of Libraries
Security Vulnerabilities
User-Defined Checks
Many More...
Technical Highlights
Symbolic execution engine
Scalable
Incremental analysis capability
Browser-based user interface
Management reports
Extensible analysis engine
Easy setup requires no changes to build environment
CodeSonar Safety Documentation Kit
Software teams are under constant pressure to deliver more content with higher complexity, in shorter timeframes, with increased quality and security. Static Application Security Testing is a proven best practice to help software teams deliver the best code in the shortest timeframe. CodeSecure has been a leader in this field for over 30 years, with CodeSonar delivering multi-language SAST capabilities for enterprises where software quality and software security matter.