The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features, compatibility updates and other improvements.
This release of CodeSonar includes improved support for Android, NetBSD 8, Visual Studio 19 and the CWE 4.0 mapping, along with many usability improvements.
MISRA C/C++ and AUTOSAR C++14
CodeSonar 5.3 expands support for MISRA-C, MISRA-C++ and AUTOSAR C++14 rules, resulting in higher quality code that is easier to maintain and certify. Many organizations base their own coding guidelines on these popular standards and combine them with metrics (such as the KGAS metrics) to track data points related to code complexity and comment density.
Tainted Data Improvements
We made a number of improvements to our tainted data tracking capability, especially where structs and classes are concerned.
Default Configuration
CodeSonar now allows you to select a set of pre-sets used by default for all projects, which alleviates the need for those pre-sets to be specified at analysis time. The configuration tool allows you to specify these at install time. Changes to default pre-sets have been made to improve usability.
C++ Parsing
CodeSonar has improved support for C++20 as well as compatibility with non-standard C++ language dialects that are understood by newer versions of compilers such as Clang and GCC. These updates improve parsing results for projects using these C++ dialects and are especially important when analyzing new bodies of code such as Android.
Visualization
The HTML5 visualization tool used by CodeSonar has been extended with new usability features and a search feature.
NetBSD Support
CodeSonar is now available for NetBSD version 8.0; support for NetBSD version 6.0 has been deprecated.
CodeSonar Certification and Tool Qualification
CodeSonar is pre-qualified against standards such as IEC 61508, ISO 26262 and CENELEC EN 50128 and can be used to develop software that needs to adhere to the highest levels of safety. Artifacts to assist in the qualification for DO-178C/ED-12C and DO-326A/ED-202 using DO-330/ED-215 are also available. For more details, see our previous post.