The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements.
This release has several new features as well as numerous bug fixes, compatibility updates, and other minor improvements. The highlights are listed below; for more complete details, see the release notes in the manual.
The C++ support has been upgraded, which includes improvements to C++-17 support and further progress in support for C++ 20 as well as better compatibility with compiler dialects. These changes now also allow analysis of the recently released Android 11.
There are six new warning classes, all of which address rules in MISRA C++ 2008 and AUTOSAR C++. This version of CodeSonar uses CWE v4.2 released August 20, 2020.
Subcommands for DevSecOps
There is an entirely new way to invoke additional CodeSonar functionality from the command line through the Python API. This comes with a DevSecOps-focused example: codesonar dump_warnings.py to download warnings directly from the hub. This makes it easier to integrate with CI/CD tools such as Jenkins/GitHub/GitLab or other DevSecOps tools. The separately available Jenkins plug-in has also been updated with more capabilities to decide when to pass or fail a build.
Library models have been updated or extended to support FreeRTOS.
IAR Compiler Model
Significant IAR compiler model improvements and bug fixes to be compatible with latest versions of the IAR compilers.
To see all of CodeSonar's features, check out our product page.
Interested in reading more? Read our guide on Advanced Static Analysis for C/C++