GRAMMATECH CODESONAR PRODUCT DATASHEET

Static Analysis and Static Application Security Testing

CodeSonar empowers teams to quickly analyze and validate the code – source and/or binary – identifying serious defects or bugs that cause cyber vulnerabilities, system failures, poor reliability, or unsafe conditions.

GrammaTech’s Software Assurance Services provide the benefits of CodeSonar to your team in an accelerated timeline and ensure that you make the best use of static analysis.

Enjoy the Benefits of the Deepest Static Analysis

Employ Sophisticated Algorithms
CodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program. The approach does not rely on pattern matching or similar approximations. CodeSonar’s deeper analysis naturally finds defects with new or unusual patterns.

Analyze Millions of Lines of Code
CodeSonar can perform a whole-program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar’s incremental analysis capability makes it fast to analyze daily changes to your codebase. The analysis can run in parallel to take best advantage of multi-core environments.

Comply with Coding Standards
CodeSonar supports compliance with standards like MISRA C:2012, ISO-26262, DO-178B, US-CERT’s Build Security In, and MITRE’s CWE.

Analyze Third-Party Code
CodeSonar’s Integrated Binary Analysis finds security vulnerabilities from libraries or other third-party code without access to source code.

Software Assurance Services

Delivered by a senior software engineer, the software assurance services focus on automating reporting on your software quality, creating an improvement plan and measuring your progress against that plan. This provides your teams with reliable, fast, actionable data. GrammaTech will manage the static analysis engine on your premises for you, such that your resources can focus on developing software. The following activities are covered:

- Integration in your release process
- Integration in check-in process
- Automatic assignment of defects
- Reduction of parse errors
- Review of warnings
- Optimization of configuration
- Improvement plan and tracking

The service can be delivered on-site or remotely.

Customer Testimonials

“CodeSonar does a better job of finding the more serious problems, which are often buried deep in the code and sometimes hidden by unusual programming constructs that are hard for other static-analysis tools to parse.” – GE Aviation

“We tried the leading static-analysis tools. CodeSonar performed the deepest analysis and provided the most useful information.” – Adaptive Digital Systems

Improve Your Efficiency

Collaborate with Teams
Automation features enable large teams to work together in a coordinated way. For example, it’s easy to manage warnings across different project versions or development branches. A Python API supports customization & integration with other tools.

Software Architecture Visualization
Visualizing your code makes it easy to uncover and understand relationships between different elements in the code. Visual Taint Analysis allows you to quickly spot the source of potentially dangerous information flows.

View Quality Trends
Graphs display data to help you manage development and testing efforts.

Reduce the Cost of Development
Identifying and eliminating defects throughout the development cycle will help you ship on time without business risks and liabilities.

Customize Your Analysis

Custom Checks
New checks can be created easily with the included C API. Many built-in checks can be configured according to local requirements.

Custom Metrics
Out of the box, CodeSonar can compute N different code metrics. You can also use the API to define custom metrics.

CODESONAR®
Code Analysis for Zero-Tolerance Defect Environments

System Requirements

Supported languages
- C
- C++
- Java
- Objective-C
- Binary

Supported platforms
- Windows
- Solaris

Machine requirements
- 2 GHz CPU
- 2 GB of RAM*
- 15+ GB of free disk space

Supported compilers
- Apple
- ARM RealView
- CodeWarrior
- GCC
- G++
- Green Hills
- HI-TECH
- IAR
- Intel C/C++
- MS Visual Studio
- Renesas
- Sun C/C++
- Texas Instruments CodeComposer
- Wind River
- Most other compilers easily supported

Output formats
- HTML
- XML
- Text (plain text and CSV)

*Requirements to run in serial mode. Parallel mode requires 512MB plus 512MB (and one core) per process.

Figure: See quality trends by comparing analysis runs. Find out what types of defects are being introduced.

Figure: Understand your code with GrammaTech’s award-winning software architecture visualization.

Figure: See the path to each flaw and how it can occur.

Some of the Checks

Security Vulnerabilities
- Buffer Overrun
- Uninitialized Variable
- Free Non-Heap Variable
- Use After Free
- Double Free/Close
- Format String Vulnerability
- Return Pointer to Local

Reliability Issues
- Data Race
- Deadlock
- Null-Pointer Dereference
- Division by Zero
- Double Close
- Dangerous Function Cast
- Resource Leak

Technical Highlights
- Symbolic execution engine
- Scalable
- Incremental analysis capability
- Browser-based user interface
- Management reports
- Extensible analysis engine
- Integrates with other tools
- Easy setup requires no changes to build environment

Free Trial

GrammaTech provides a cost-free means to evaluate CodeSonar on your own code so you can compare the results with those reported by other vendors. Request an evaluation copy at go.grammatech.com

About GrammaTech

GrammaTech’s tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally spun out of Cornell’s computer science labs, GrammaTech is now both a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.

FOR MORE INFORMATION
www.grammatech.com
U.S. SALES 888-695-2668
INTERNATIONAL SALES +1-607-273-7340
EMAIL [email protected]

CodeSonar is a registered trademark of GrammaTech, Inc.