Software teams are under constant pressure to deliver more content with higher complexity, in shorter timeframes, with increased quality and security. Static Application Security Testing is a proven best practice to help software teams deliver the best code in the shortest timeframe. CODESECURE has been a leader in this field for over 30 years with CodeSonar delivering multi-language SAST capabilities for enterprises where software quality and software security matter.

CodeSonar automates both the detection and prevention of critical software defects and make sure the software adheres to following safety standards

• IEC 61508 - Functional Safety of Electric / Electrical / Programmable Electronic Safety-Related Systems
• ISO 26262 / ISO 21434 (Automotive software) - Road Vehicles Functional Safety
• DO 178C / DO 330 (Airborne systems) - Software Considerations in Airborne Systems and Equipment Certification / Software Tool Qualification Considerations
• IEC 62443 (Industrial systems) - Security for Industrial Automation and Control Systems
• IEC 62304 / ISO 13485 (Medical Devices) - Medical Device Software - Software Life Cycle Management / Medical Devices - Quality Management Systems. Requirements for Regulatory Purposes
• EN 50128 (Railway systems) - Railway Applications. Communication, Signaling, and Processing Systems. Software for Railway Control and Protection Systems

Central to each of these functional safety standards are safe and secure coding. Static analysis is a crucial capability in supporting all standards. Static analysis simplifies the enforcement of coding standards across teams, improving the overall compliance for a required certification standard as well as code quality. CodeSecure supports the following standards:

• AUTOSAR (AUTomotive Open System ARchitecture)
• DISA-STIG  (Security Technical Implementation Guide)
• ISO/IEC TS 17961  (C Secure Coding Rules Technical Specification)
• JPL (JPL Institutional Coding Standard for the C Programming Language)
• Power of Ten  (NASA Jet Propulsion Lab)
• MISRA  (Motor Industry Software Reliability Association)
• MITRE CWE  (Common Weakness Enumeration)
• OWASP  (Open Worldwide Application Security Project)
• CERT  (Software Engineering Institute Computer Emergency Response Team)
• JSF++  (Lockheed Martin Corporation)

Go beyond just finding problems to a deep understanding of where a warning comes from and what the risks are, even in code you did not write. In addition, CodeSonar provides whole-program SAST along with unique inspection reporting capabilities, helping developers understand, prioritize, and remediate issues rapidly.

CodeSonar supports many popular languages, including C/C++, Java, C# and Android, as well as support for native binaries in Arm instruction set architectures. CodeSonar also supports OASIS SARIF, for exchange of information with other tools in the DevSecOps environment.

CodeSonar enables the shift to DevSecOps by integrating with the most popular CI tools such as GitLab, GitHub, Jenkins and others. Managers can report on the application security state with their preferred reporting tool. Developers can view and remediate security issues and quality defects within their familiar CI/CD environments, and access more detailed information from CodeSonar with a single mouse click.