
Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

Thursday, September 17, 2020

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates and other improvements …


Recommended Application Security Testing (AST) Techniques

Thursday, July 23, 2020

There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing” (published March 20, 2020, Gartner subscription required). Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, …


The Role Of Static Analysis In The EU Medical Devices Regulation (MDR)

Thursday, April 09, 2020

The move to digitization and automation is happening in the medical industry as it is in others; almost every medical device now requires software. Wireless connectivity is becoming increasingly important for exchanging data or connecting sensors, and it increases the likelihood of security risks. The positive aspects of this shift to connectivity are better monitoring …


Make the most of the C/C++ static analysis tools

Thursday, March 19, 2020

Static code analysis is the process of detecting flaws in a program's source code without executing it. Static analysis tools are useful for detecting common coding mistakes; the benefits of using them include making the source code more readable and maintainable, preventing unexpected behavior at execution time, optimizing execution, and making the code more secure. Many C/C++ static analysis …


Explore a flexible C/C++ SonarQube plugin based on CppDepend.

Thursday, February 27, 2020

Both CppDepend and SonarQube are static analyzers that offer a rule-based system for detecting problems in C/C++ code. However, the CppDepend default rule set has very little overlap with the SonarQube rules. Basically, the SonarQube rules are good at analyzing what happens inside a method (the code flow), while the CppDepend code model, on which the …


How Sound Static Analysis Complements Heuristic Analysis

Wednesday, September 18, 2019

Not all static analysis tools work the same way. There is in fact a spectrum of tools using a variety of techniques, ranging from relatively simple syntactic analysis through very sophisticated abstract-interpretation-like algorithms that reason about potential executions. Each approach has its strengths and weaknesses, and tools like GrammaTech CodeSonar often use a combination …


Tainted Data and Format String Attack Strike Again

Monday, September 09, 2019

A recent code execution vulnerability (we also call this a code injection vulnerability) was discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes; specifically, it affects certain versions of PAN-OS, the software running on these products. The vulnerability was discovered by security researchers Orange Tsai and Meh Chang and documented on their blog. …
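The bug class named in the title, tainted data reaching a format-string sink, as an added example that is not code from the GrammaTech post, from PAN-OS, or from the researchers' write-up. The `vpn_log` wrapper, the function names and the client input are all constructed for illustration; the point is that the same tainted string is harmless as a `%s` argument and dangerous as the format itself, and that a taint rule can flag the latter at the sink.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper of the kind found in network daemons: it
 * forwards whatever it is given to vsnprintf. It carries no format attribute,
 * so the compiler stays silent when a caller passes tainted data as `fmt`. */
static int vpn_log(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* VULNERABLE: the client-supplied string (tainted: it arrives over the network
 * unchecked) becomes the format string. Every '%' directive in it is obeyed:
 * "%x" leaks stack words, "%n" writes an attacker-chosen count to memory, and
 * that write is what turns a format string bug into code execution. The
 * demonstration input below uses only "%%", which consumes no argument, so the
 * call stays well-defined while still showing the directive being interpreted. */
int log_client_vulnerable(char *out, size_t n, const char *tainted)
{
    return vpn_log(out, n, tainted);      /* BUG: attacker controls the format */
}

/* HARDENED: the format is a constant and the tainted value is only ever a %s
 * argument, so any '%' characters it contains are printed, never interpreted. */
int log_client_hardened(char *out, size_t n, const char *tainted)
{
    return vpn_log(out, n, "%s", tainted);
}

/* Defence in depth at the sink: refuse a string as a format unless every '%'
 * is the literal escape "%%". This is the shape of a taint-tracking rule:
 * untrusted source (network input) reaching a format-string sink without
 * passing through a sanitizer like this one gets reported. */
bool is_format_safe(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {        /* "%%": literal percent sign, harmless */
            s++;
            continue;
        }
        return false;             /* a real directive (or a dangling '%') */
    }
    return true;
}

int main(void)
{
    /* Constructed client input standing in for the tainted value: a progress
     * message containing an escaped percent sign. */
    const char *client_input = "100%% done";
    char buf[64];

    log_client_vulnerable(buf, sizeof buf, client_input);
    printf("vulnerable: %s\n", buf);     /* 100% done  : "%%" was interpreted */
    log_client_hardened(buf, sizeof buf, client_input);
    printf("hardened:   %s\n", buf);     /* 100%% done : passed through verbatim */

    printf("\"%%x%%x%%n\" safe to use as a format? %s\n",
           is_format_safe("%x%x%n") ? "yes" : "no");
    return 0;
}
```

The wrapper is deliberate: passing tainted data straight to `snprintf` is caught by `-Wformat-security`, but once the call goes through a variadic helper without `__attribute__((format(printf, 3, 4)))` the compiler loses the information, which is exactly the gap that interprocedural taint analysis is meant to close.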