GRAMMATECH CODESONAR PRODUCT DATASHEET

Static Code Analysis and Static Application Security Testing

CodeSonar empowers teams to quickly analyze and validate code, source and/or binary, identifying serious defects or bugs that cause cyber vulnerabilities, system failures, poor reliability, or unsafe conditions.

GrammaTech's Software Assurance Services provide the benefits of CodeSonar to your team on an accelerated timeline and ensure that you make the best use of SCA and SAST.

Enjoy the Benefits of the Deepest Static Analysis

Employ Sophisticated Algorithms
CodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program. The approach does not rely on pattern matching or similar approximations. CodeSonar's deeper analysis naturally finds defects with new or unusual patterns.

Comply with Coding Standards
CodeSonar supports compliance with standards like MISRA C:2012, ISO 26262, DO-178B, US-CERT's Build Security In, and MITRE's CWE.

Analyze Millions of Lines of Code
CodeSonar can perform a whole-program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar's incremental analysis capability makes it fast to analyze daily changes to your codebase. The analysis can run in parallel to take best advantage of multi-core environments.

[Figure: See the path to each flaw and how it can occur.]

Software Assurance Services
Delivered by a senior software engineer, the software assurance services focus on automating reporting on your software quality, creating an improvement plan and measuring your progress against that plan. This provides your teams with reliable, fast, actionable data. GrammaTech will manage the static analysis engine on your premises for you, so that your resources can focus on developing software. The following activities are covered:
- Integration in your release process
- Integration in your check-in process
- Automatic assignment of defects
- Reduction of parse errors
- Review of warnings
- Optimization of configuration
- Improvement plan and tracking
The service can be delivered on-site or remotely.

Customer Testimonials

"CodeSonar does a better job of finding the more serious problems, which are often buried deep in the code and sometimes hidden by unusual programming constructs that are hard for other static-analysis tools to parse."
– GE Aviation

"We tried the leading static-analysis tools. CodeSonar performed the deepest analysis and provided the most useful information."
– Adaptive Digital Systems

Improve Your Efficiency

Collaborate with Teams
Automation features enable large teams to work together in a coordinated way. For example, it is easy to manage warnings across different project versions or development branches. A Python API supports customization and integration with other tools.

Software Architecture Visualization
Visualizing your code makes it easy to uncover and understand relationships between different elements in the code. Visual Taint Analysis allows you to quickly spot the source of potentially dangerous information flows.

Reduce the Cost of Development
Identifying and eliminating defects throughout the development cycle will help you ship on time without business risks and liabilities.

View Quality Trends
Graphs display data to help you manage development and testing efforts.

[Figure: See quality trends by comparing analysis runs. Find out what types of defects are being introduced.]

Customize Your Analysis

Custom Checks
New checks can be created easily with the included C and Python API. This allows for the addition of either special industry-specific checks, or even checks based on architectural rules that are specific to a project.

Combine Dynamic and Static Analysis
CodeSonar/X is a plug-in for CodeSonar that reports buffer overruns and other state corruptions during host-based testing. It tracks memory usage and reports any violations into the CodeSonar user interface. This helps catch violations that CodeSonar may have missed, and it helps users prioritize the warnings that CodeSonar did report.

Unit and integration testing is an important activity during the software development lifecycle. State corruptions that do occur in the test cases may be silent and do not always lead to failed test cases. CodeSonar/X makes certain that they are flagged, so that they can be fixed before they lead to expensive failures in fielded software.

CodeSonar/X is a ground-breaking new capability connecting static analysis with dynamic analysis to help software developers improve efficiency, further reduce risk and decrease time-to-market.

Extend Your Analysis into Binary Libraries
Advanced static analysis provides the deepest and most accurate results if the complete logic of an application is available, including logic that is provided by binary libraries. Many projects build an application on binary libraries from other in-house teams or from third parties. Binary libraries can cover graphical user interfaces, transportation middleware, computational algorithms, encryption libraries and many more.

CodeSonar/Libraries is a plug-in for CodeSonar that extends static analysis into these libraries, even if source code is not available, to make sure that no programming mistakes are made across the code-to-library boundary. Examples of these could be mistakes in buffer size handling leading to buffer overruns, allocation/de-allocation problems, null-pointer dereferences and many more. CodeSonar/Libraries also greatly improves static analysis accuracy around the call site by avoiding the need to over-approximate the functionality provided by the library.

CodeSonar/Libraries is available for 32- and 64-bit Intel architectures and 32-bit ARMv7. Other architectures on request.

CODESONAR System Requirements

Supported languages
- C
- C++
- Java
- Binary

Supported platforms
- Windows
- Solaris

Machine requirements
- 2 GHz CPU
- 2 GB of RAM*
- 15+ GB of free disk space

* Requirements to run in serial mode. Parallel mode requires 512 MB plus 512 MB (and one core) per process.

Supported compilers
- Apple
- ARM RealView
- CodeWarrior
- GCC
- G++
- Green Hills
- HI-TECH
- IAR
- Intel C/C++
- MS Visual Studio
- Renesas
- Sun C/C++
- Texas Instruments CodeComposer
- Wind River
- Most other compilers easily supported

Output formats
- HTML
- XML
- Text (plain text and CSV)

Technical Highlights
- Symbolic execution engine
- Scalable
- Incremental analysis capability
- Browser-based user interface
- Management reports
- Extensible analysis engine
- Integrates with other tools
- Easy setup; requires no changes to the build environment

Some of the Checks

Security Vulnerabilities
- Buffer Overrun
- Uninitialized Variable
- Free Non-Heap Variable
- Use After Free
- Double Free/Close
- Format String Vulnerability
- Return Pointer to Local

Reliability Issues
- Data Race
- Deadlock
- Null-Pointer Dereference
- Division by Zero
- Double Close
- Dangerous Function Cast
- Resource Leak
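The check names above are categories rather than examples. The C file below is an added illustration, not code from GrammaTech, CodeSonar or the datasheet, of four of those categories (Buffer Overrun, Format String Vulnerability, Use After Free / Double Free, Division by Zero) written in the form a whole-program dataflow and symbolic-execution analyzer is meant to report, each beside a hardened version that removes the defect. All function and type names, NAME_LEN, and the inputs in main() are the example's own assumptions. The *_unsafe functions are defined so an analyzer can be pointed at them but are never called, because calling them is undefined behaviour.

```c
/* Added illustration of four CodeSonar check classes; not GrammaTech code.
 * *_unsafe = the pattern an analyzer should flag, *_safe = hardened form.
 * The *_unsafe functions are never executed (undefined behaviour). */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16   /* assumed fixed-size name buffer for the demo */

/* Buffer Overrun: strcpy() copies strlen(src)+1 bytes regardless of the
 * destination size, so any src of NAME_LEN or more bytes writes past dst. */
void set_name_unsafe(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened: copy at most NAME_LEN-1 bytes, always NUL-terminate, and return 1
 * when the input was truncated so the caller can reject over-long names. */
int set_name_safe(char dst[NAME_LEN], const char *src)
{
    size_t n = strlen(src);
    int truncated = (n >= NAME_LEN);
    if (truncated)
        n = NAME_LEN - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Format String Vulnerability: caller-controlled text is used as the format,
 * so "%x" in msg reads the stack and "%n" writes through a pointer. */
int format_log_unsafe(char *out, size_t out_len, const char *msg)
{
    return snprintf(out, out_len, msg);
}

/* Hardened: the format is a literal and msg is only ever data. */
int format_log_safe(char *out, size_t out_len, const char *msg)
{
    return snprintf(out, out_len, "%s", msg);
}

struct session {           /* assumed demo type holding a secret token */
    char token[NAME_LEN];
    int refs;
};

/* Use After Free and Double Free: the block is read after free() on every
 * path and released a second time on the refs > 1 path. */
int close_session_unsafe(struct session *s)
{
    free(s);
    if (s->refs > 1)     /* use after free */
        free(s);         /* double free */
    return 0;
}

/* Hardened: read what is needed first, free exactly once, and clear the
 * caller's pointer so a repeated close is a checked NULL, not a dangling read.
 * Returns the reference count that was released, or -1 if nothing was open. */
int close_session_safe(struct session **sp)
{
    if (sp == NULL || *sp == NULL)
        return -1;
    int refs = (*sp)->refs;
    memset((*sp)->token, 0, sizeof (*sp)->token);  /* scrub secret before release */
    free(*sp);
    *sp = NULL;
    return refs;
}

/* Division by Zero: n is caller-controlled and an empty array makes it 0. */
int mean_unsafe(const int *v, size_t n)
{
    long sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += v[i];
    return (int)(sum / (long)n);
}

/* Hardened: the empty case is a reported status, not a division. Returns 0
 * and stores the mean in *out, or -1 when n == 0 or out is NULL. */
int mean_safe(const int *v, size_t n, int *out)
{
    if (n == 0 || out == NULL)
        return -1;
    long sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += v[i];
    *out = (int)(sum / (long)n);
    return 0;
}

int main(void)
{
    char name[NAME_LEN], line[64];
    int mean = 0, status, released, again;
    const int sample[] = {4, 8, 15};               /* constructed input */
    struct session *s = calloc(1, sizeof *s);

    int truncated = set_name_safe(name, "a-deliberately-long-name");
    printf("truncated=%d name=%s\n", truncated, name);
    format_log_safe(line, sizeof line, "%x%n");
    printf("log=%s\n", line);                      /* the text itself, not stack data */
    if (s != NULL) {
        s->refs = 2;
        released = close_session_safe(&s);
        again = close_session_safe(&s);            /* s is NULL now: -1, no double free */
        printf("released refs=%d again=%d\n", released, again);
    }
    status = mean_safe(sample, 3, &mean);
    printf("mean status=%d mean=%d\n", status, mean);
    printf("empty status=%d\n", mean_safe(sample, 0, &mean));
    return 0;
}
```

Each unsafe/safe pair differs in exactly the property the named check looks for: the destination bound, who controls the format string, the number of free() calls reachable on one pointer, and whether the divisor can be zero. That is the kind of path-sensitive question the datasheet's dataflow and symbolic-execution approach answers without relying on pattern matching.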

Free Trial
GrammaTech provides a cost-free means to evaluate CodeSonar on your own code so you can compare the results with those reported by other vendors. Request an evaluation copy at go.grammatech.com

About GrammaTech
GrammaTech's tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally spun out of Cornell's computer science labs, GrammaTech is now both a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.

FOR MORE INFORMATION
www.grammatech.com
U.S. SALES 888-695-2668
INTERNATIONAL SALES +1-607-273-7340
EMAIL [email protected]

CodeSonar is a registered trademark of GrammaTech, Inc.