As we announced in April, CodeSonar 5.1 has now been released. With CodeSonar®, developers can use a single user interface to find, assess and correct security vulnerabilities in different programs using multiple programming languages.
CodeSonar® 5.1 is tightly integrated with the Julia engine from Juliasoft, which provides high-recall, high-precision detection of security vulnerabilities in Java and C#. In the expansive world of IoT, this is critical because IoT devices and enterprise services are built using many different programming languages. While C# or Java is typically the language used on the user-interface or enterprise side, the embedded device itself is built using C/C++, with Python in the mix for scripting.
CodeSonar®’s flexible Qualification Kit is available as an add-on for software developers who are required to support functional safety standards such as IEC 61508, DO-178B/C, or ISO 26262. The Qualification Kit allows customers to qualify CodeSonar® in their environment as a preparatory step in the safety certification process.
Additionally, CodeSonar® now supports the import and export of results in SARIF (Static Analysis Results Interchange Format). GrammaTech is taking a leading role in the development of this emerging standard, which is expected to lead to much-improved integration between static analyzers and other software engineering tools.
GrammaTech continues to evolve the field of static analysis with the new API Anomaly detection module in CodeSonar®, which uses statistical machine learning to distill checkers from open source bodies of code. This module reports reliability and security problems caused by misuse of third-party APIs such as the GNU C Library, OpenSSL, Qt, Glib, GTK, libXML and others. It has already been used to report problems in the Git version control system, the elinks browser, the Query Object Framework, Gnome and other projects.
“IoT provides the ultimate challenge to static analysis tools,” says Paul Anderson, VP of Engineering at GrammaTech. “Functionality, 3rd party libraries, security and safety are all important, while developers are constantly under pressure to deliver. CodeSonar® helps developers write safer, more secure code, faster.”
The update is available as a free upgrade to all licensed customers under active support and maintenance contracts. A 30-day free trial of CodeSonar® 5.1 is also available.
A webinar recording covering the features in CodeSonar version 5.1 is available on the GrammaTech website.