CodeSonar

Software Application Security Testing (SAST) where Quality matters.

CodeSonar is CodeSecure’s award-winning Static Application Security Testing (SAST) tool. With CodeSonar, software engineers deliver better code faster, especially where software security and software quality matter. This helps engineers deliver new and innovative features faster and with higher quality. Further, CodeSonar supports engineers in meeting functional safety and coding standards with less effort.

Accelerating Software Application Security Testing – Find Vulnerabilities Others Miss

CodeSonar is a static code analysis solution that helps you find and understand quality and security defects in your source code or binaries. CodeSonar makes it easy to integrate SAST into your development process. Support for over 100 compilers and compiler versions is available, along with numerous integrations with popular development tools and IDEs. This makes integrating CodeSonar into DevSecOps and Continuous Integration processes straightforward.

Bring Security into DevSecOps – at Speed and Scale

CodeSonar was doing DevSecOps before it was cool. Industries and companies are rapidly undergoing a digital transformation. Techniques like DevSecOps help companies respond to this challenge by releasing solutions to market faster and with fewer defects. Static code analysis is a fundamental component of DevSecOps.

Fulfill Functional Safety & Coding Standards – Quality with Safety and Security

SAST can help you achieve your functional safety objectives more easily by complying with coding standards like MISRA, AUTOSAR, JSF++, CWE, or CERT. Further, CodeSonar supports all major coding standards and is pre-qualified for the highest safety levels of the IEC 61508, ISO 26262, and EN 50128 standards. Artifacts for qualification according to DO-178C/DO-330 are also available.

Gain In-Development Insights – Beyond Simply “We think there’s a problem”

Go beyond just finding problems to a deep understanding of where a warning comes from and what the risks are, even in code you did not write. In addition, CodeSonar provides whole-program SAST along with unique inspection reporting capabilities, helping developers understand, prioritize, and remediate issues rapidly.

Supported Languages

CodeSonar supports many popular languages, including C/C++, Java, C#, Kotlin, Python, Go, Rust, JavaScript, and TypeScript, as well as native binaries for the Intel and ARM instruction set architectures.

OASIS SARIF is also supported for exchanging results with other tools in the DevSecOps environment.

Meet Functional Safety Certifications

Given the increased use of software in mission-critical and safety-critical applications it’s critical that software follows standards that specify how developers should write code to increase its readability and reliability. CodeSonar automates both the detection and prevention of critical software defects. Some of the use cases include:

  • IEC 61508 – Functional Safety of Electric / Electrical / Programmable Electronic Safety-Related Systems
  • ISO 26262 (Automotive software) – Road Vehicles Functional Safety
  • DO 178C / DO 330 (Airborne systems) – Software Considerations in Airborne Systems and Equipment Certification / Software Tool Qualification Considerations
  • IEC 62443 (Industrial systems) – Security for Industrial Automation and Control Systems
  • IEC 62304 / ISO 13485 (Medical Devices) – Medical Device Software – Software Life Cycle Management / Medical Devices – Quality Management Systems. Requirements for Regulatory Purposes
  • EN 50128 (Railway systems) – Railway Applications. Communication, Signaling, and Processing Systems. Software for Railway Control and Protection Systems

Ensure Coding Standard Compliance and Enforcement

  • MISRA-C and MISRA-C++ (Motor Industry Software Reliability Association)
  • AUTOSAR C++ (Automotive Open System Architecture)
  • CERT (Software Engineering Institute Computer Emergency Response Team)
  • DISA STIG (Security Technical Implementation Guide)
  • ISO/IEC TS 17961 (C Secure Coding Rules Technical Specification)
  • OWASP (Open Worldwide Application Security Project)
  • MITRE CWE (Common Weakness Enumeration)
  • JPL (JPL Institutional Coding Standard for the C Programming Language)
  • Power of Ten (NASA Jet Propulsion Lab)
  • JSF++ (Lockheed Martin Corporation)
  • others

Developer-friendly interface

  • IDE support for Eclipse, Microsoft Visual Studio & Visual Studio Code
  • Warnings reflected in source code
  • Clear explanations with path information
  • Whole program navigation and visualization

Seamlessly integrates into DevSecOps and CI/CD workflow

  • Automate continuous code analysis
  • Warning tracking with suppression
  • GitLab, GitHub, BitBucket and Jenkins integration

Customizable to meet specific requirements

  • Shift Left support promotes security by design
  • Higher quality and more secure code by detecting and remediating errors and vulnerabilities sooner

Customers about our services

soplar s.a.

"We would repeat our decision to choose Rhapsody® at any time. The strikingly improved efficiency, higher quality, and flexibility plus reusability of models make any adverse details negligible. Today we develop more machines with fewer resources in less time."

Reinhold Wüstner

Head of Product Development

Bernina International AG

"The architecture must be set up correctly from the very beginning and must meet the requirements of model-driven development. I recommend that every company get support from an external, experienced Rhapsody specialist such as EVOCEAN to model the base architecture together."

Giovanni Annunzio

System Architect

Bernina International AG

"The architecture must be set up in the right way and in conformity with the requirements of model-driven development – right from the beginning! I strongly recommend seeking the support of an external, experienced Rhapsody specialist, as for example supplied by EVOCEAN, and modelling the architecture together."

Giovanni Annunzio

System Architect

Bernina International AG

"Abstraction, simulation, reuse and automatic code generation are central at Bernina for a short time-to-market… and thus the key to success!"

Giovanni Annunzio

System Architect

MCS Engineering AG

"It is very easy to set up and run a Perforce Helix Core proxy server for working with geographically dispersed teams. Downloading data is also very easy. We were amazed at how much time we saved."

Eric Gutmann

Project Leader

Hamilton Medical AG

"Employing our platform strategy and Model Driven Development with IBM Rhapsody® enables us to bring our innovations rapidly to numerous ventilation solutions."

Gion Durisch

Head of Software Development

Bernina International AG

"Thanks to the models we can visualise new functions and dependencies. A picture says more than a 1'000 words, and the graphically modelled abstraction makes life much easier for us developers. At the same time, the automatic code generation based on the models takes over a substantial part of our work!"

Giovanni Annunzio

System Architect

Comment on our training – Rhapsody

The trainer was very well prepared, has an excellent overview and an in-depth knowledge of the tool and of the surrounding processes and methods (A-SPICE).

Large automotive supplier

Systems Engineer

Bernina International AG

"In earlier days, we launched one new product model every year – today several, thanks to re-use, which also reduces the time needed for testing significantly."

Giovanni Annunzio

System Architect

SIX Financial Information Ltd

"The EVOCEAN continuous improvement method stabilized our processes and had a positive influence on the quality and on the satisfaction of the employees. I would recommend using this approach at any time. Continuous improvement must become a part of everyday work."

Michael K. Steinhöfel-Cordova

Head of Quality Management