New Release!

GrammaTech Releases CodeSonar Version 6.2 Focused on Enabling DevSecOps

Monday, January 17, 2022

Ready for DevSecOps: GrammaTech’s CodeSonar static application security testing (SAST) solution already has great integrations with the tools our customers rely on to develop software today. This release of CodeSonar adds new features and functionality, making it easier for you to achieve DevSecOps while helping you accelerate the delivery of quality, safe and secure code …

The Dangers of Copy and Paste

Thursday, November 04, 2021

INTRODUCTION: Copying and pasting code (“copy-paste”) is a primitive but very common form of software re-use. Unfortunately, this practice is fraught with dangers, not least of which is duplicating bugs and security defects throughout the system. While the degree to which copy-paste, as a general code construction technique, should be allowed or disallowed is debatable, …

VDC Research Study Finds Only Half of IoT Projects are Testing for Software Security

Thursday, May 13, 2021

Yet the Increased Use of Third Party Components in Supply Chains Creates Hidden Attack Vectors

BETHESDA, Md., May 12, 2021 — GrammaTech, a leading provider of application security testing products and software research services, today released the findings from a research survey conducted by VDC Research on the state of software supply chain security testing. …

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

Thursday, September 17, 2020

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. …

Expanding CodeSonar SAST Capabilities with Java and C#

Wednesday, August 05, 2020

GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This is an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both teams’ approach to quality, safety and security. …

GrammaTech Bug-Injector Research Receives IEEE SCAM 2019 Distinguished Paper

Friday, March 27, 2020

During the International Working Conference on Source Code Analysis & Manipulation (SCAM), a GrammaTech research publication was awarded the Institute of Electrical and Electronics Engineers (IEEE) Computer Society TCSE (Technical Council on Software Engineering) Distinguished Paper Award. The paper, “Automated Customized Bug-Benchmark Generation,” describes Bug-Injector, a system that automatically creates benchmarks for customized evaluation of static analysis tools. This work …