CodeSonar helps teams analyze and validate code, source and/or binary, by identifying serious vulnerabilities or bugs that cause system failures, poor reliability, system breaches, or unsafe conditions.


CodeSonar provides the deepest static analysis, finding more critical defects than other static analysis tools on the market. CodeSonar has performed best on several static analysis tool benchmarks in finding static memory, resource management, concurrency, and other defects.


By analyzing both source code and binaries, CodeSonar covers complete applications, letting you take control of your software and eliminate the most costly and hard-to-find defects early in the development process.


Comply with Coding Standards

CodeSonar supports compliance with standards like MISRA C:2012, ISO 26262, DO-178B/C, US-CERT’s Build Security In, and MITRE’s CWE.


Analyze Millions of Lines of Code

CodeSonar can perform a whole-program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar’s incremental analysis capability makes it fast to analyze daily changes to your codebase. The analysis can run in parallel to take best advantage of multi-core environments.


Analyze Third-Party Code

CodeSonar’s Integrated Binary Analysis finds security vulnerabilities from libraries or other third-party code without access to source code.


Collaborate with Teams

Automation features enable large teams to work together in a coordinated way. For example, it’s easy to manage warnings across different project versions or development branches. A Python API supports customization & integration with other tools.


View Quality Trends

Graphs display data to help you manage development and testing efforts.


Software Architecture Visualization

Visualizing your code makes it easy to uncover and understand relationships between different elements in the code. Visual Taint Analysis allows you to quickly spot the source of potentially dangerous information flows.


Custom Checks

New checks can be created easily with the included C API. Many built-in checks can be configured according to local requirements.


Custom Metrics

Out of the box, CodeSonar can compute N different code metrics. You can also use the API to define custom metrics.

