CodeSonar 5 is released with support for C# and Visual Studio, and vulnerability assessments

August 16, 2018 Mark Hermeling


C# Support

CodeSonar 5 enters the world of .NET and C# programming, next to the existing support for C, C++ and Java. This gives CodeSonar coverage of the most popular programming languages for safety- and security-critical industries such as automotive, industrial, medical, consumer electronics as well as aerospace and defense.

Microsoft Visual Studio Integration

User experience has also been improved with support for the Visual Studio IDE, which builds on the currently available support for the Eclipse IDE. GrammaTech uses open standards where possible and CodeSonar 5 adds support for SARIF (Static Analysis Results Interchange Format), which allows integration with other compatible tools, including Microsoft Visual Studio Code.

Chinese Language Support

One of the differentiating features of CodeSonar is the detailed information that it provides for every warning through its natural language generator. CodeSonar 5 extends language support to Chinese, in addition to existing support for Japanese and English. CodeSonar allows for customization to support other languages.

Copy and Paste Checker

Additionally, the whole-program static analysis engine within CodeSonar has been extended with a copy-paste error checker that finds problems with this heavily used but error-prone type of reuse. This checker has already proven its use in finding several serious problems in popular open source programs such as postgres, ffmpeg, the Linux kernel, Open Office and the Chrome browser. A more complete description is available in a previous post.

Numerous other improvements are also included, such as enhancements to the C++11, 14 and 17 support, floating point support and more flexibility in the role-based access control.

Binary Code Analysis Decompiler

CodeSonar’s binary analysis capability allows security engineers to perform vulnerability assessments on applications implemented as native binaries, even if they lack debug information or source code. These types of applications are often found in security-sensitive, internet-accessible systems such as point-of-sale systems and Internet of Things devices, as well as in automotive systems and even in devices supporting critical infrastructure such as electricity and water delivery.

The recently released CodeSonar 5 enhances the static analysis tool's binary analysis capabilities with a built-in C Decompiler. This enables security engineers to understand warnings more easily and assess their impact by scoring them with rankings such as the CVSS (Common Vulnerability Scoring System). This makes it easier to include CodeSonar for Binaries in a Vulnerability Management framework, which is one of the best practices recommended by policies such as the Payment Card Industry Data Security Standard (PCI DSS), the US Federal Information Security Management Act (FISMA) and ISO 27001. More information on this will be provided in a future post.

Conclusion

Software development teams looking to streamline their development workflows and increase quality and security are going to appreciate the new features in CodeSonar 5. Increased language coverage with C#, support for Microsoft Visual Studio, and Chinese language support increase the reach of CodeSonar across the enterprise. The new copy and paste checker and binary code analysis decompiler add to the already unique capabilities of CodeSonar. I hope to hear about your upgrade stories once you have updated to CodeSonar 5.
