CodeSonar’s Integration with Microsoft Visual Studio

November 26, 2018 Paul Anderson



Microsoft Visual Studio continues, at 21 years old, to be a dominant integrated development environment (IDE) for developers of C, C++, Visual Basic and C# code. It is also a popular IDE for general C/C++ development even if the target application isn’t a Windows or .NET application. In fact, along with Eclipse, it’s a development environment in demand by our customers. Given this, we’ve updated our integration with Visual Studio to provide a comprehensive set of in-IDE features to bring CodeSonar static analysis right to the developer’s desktop.

Integrating Advanced Static Analysis into Visual Studio

The key to integrating static analysis into any IDE is to follow the platform’s conventions for error and warning reporting. In this case, CodeSonar reports static analysis warnings in the same manner as the compiler does within Visual Studio, but marks them with a small GrammaTech logo to help differentiate the type of warning issued. Other key features include the ability to evaluate and set the status of warnings, access other warning information, and link to the warning in CodeSonar itself for the complete details. Here is a summary of features with a short demo video to follow:

  • Menu and toolbar for quick access to the CodeSonar features in Visual Studio.
  • View warnings in the editor as you would any other error or warning. These errors are displayed in the code view and in the warning panels typically below the code view. Clicking on a warning in any location brings up a new panel that provides more details on the error plus access to other parts of CodeSonar.
  • Show the warning path with the events that lead to the warning. The trace of the error is navigable within the CodeSonar panel and back to the code view. This greatly simplifies the analysis to determine the veracity of the warning.
  • Perform permanent assessments on the warnings once the priority and accuracy of the warning have been determined. Any settings given to the warnings are persistent in the CodeSonar database in the same manner as the web UI.
  • List active warnings to perform further investigation on project-wide analysis. It’s then possible to open the web UI for CodeSonar to perform required actions as needed.
  • Kick off builds and new analyses within the IDE to make it quick and easy to see updated results based on recent fixes or code changes. This is a great way to ensure code has been analyzed and fixed before submitting to a build or source control.


Here is a quick video demonstration of the CodeSonar integration with Visual Studio.




