CodeSonar update

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

Thursday, September 17, 2020

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release has several new features …

CodeSonar for Java and C#. Julia tools.

Expanding CodeSonar SAST Capabilities with Java and C#

Wednesday, August 05, 2020

GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This is an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both teams’ approach to quality, safety and security. …

Application Security Testing Techniques

Recommended Application Security Testing (AST) Techniques

Thursday, July 23, 2020

There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing” (published March 20, 2020, Gartner subscription required). Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, …

CodeSonar 5.3 features

Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization

Thursday, June 25, 2020

The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release of CodeSonar includes improvements …

static analysis for medical device applications

The Role Of Static Analysis In The EU Medical Devices Regulation (MDR)

Thursday, April 09, 2020

The move to digitization and automation is happening in the medical industry as it is in others – almost every medical device requires software. Wireless connectivity is becoming increasingly important in order to exchange data or connect sensors, increasing the probability of security risks. The positive aspect of this shift to connectivity is better monitoring …

Bug injector research

GrammaTech Bug-Injector Research Receives IEEE SCAM 2019 Distinguished Paper

Friday, March 27, 2020

During the International Working Conference on Source Code Analysis & Manipulation (SCAM), a GrammaTech research publication was awarded the Institute of Electrical and Electronics Engineers (IEEE) Computer Society TCSE (Technical Council on Software Engineering) Distinguished Paper Award. The paper, “Automated Customized Bug-Benchmark Generation,” describes Bug-Injector, a system that automatically creates benchmarks for customized evaluation of static analysis tools. This work …

What is New in CodeSonar 5.2

Thursday, December 05, 2019

GrammaTech’s recent release of CodeSonar, version 5.2, increases the coverage of industry coding standards and adds improved compiler support, further support for open standards and support for Power Architecture in our binary analysis. We have also revised our support for JuliaSoft for the latest release of their Java/C# analysis. Let’s look at these new features in a …

power architecture

CodeSonar Binary Code Analysis for Power Architecture

Sunday, November 10, 2019

GrammaTech is expanding support for CodeSonar for Binaries to include support for the Power architecture in addition to the existing support for x86 and ARM architectures. Power architecture is popular in many deeply embedded devices, especially with devices that use the Freescale family of PowerPC (PPC) based processors and MCUs. These processors and MPUs are …

Using CodeSonar to Evaluate Software for the 2019 CWE Top 25 Most Dangerous Software Errors

Friday, November 01, 2019

The Common Weakness Enumeration (CWE) Top 25 most dangerous software errors, a.k.a. the CWE Top 25, is a list of the most common weaknesses that lead to security vulnerabilities. It is published on a regular basis by MITRE; as of this post, the most recent came out in September 2019. The CWE lists are based …

Static Analysis tool CodeSonar

How Sound Static Analysis Complements Heuristic Analysis

Wednesday, September 18, 2019

Not all static analysis tools work the same; there is in fact a spectrum of tools that use a variety of techniques ranging from relatively simple syntactic analysis through very sophisticated abstract interpretation-like algorithms that reason about potential executions. Each approach has its strengths and weaknesses and often tools, like GrammaTech CodeSonar, use a combination …