GrammaTech, a leading provider of application security testing products and software research services, today announced a new version of its CodeSonar® SAST (static application security testing) product that helps developers build safer and more secure code without disrupting workflows. CodeSonar 6.0 features visualization and analysis enhancements, GitLab integration as well as additional language and compiler support requested by 500 plus GrammaTech customers to support their transition to DevSecOps practices.
“Fundamentally, development teams need to be onboard, trained, equipped and motivated to do secure development (sometimes referred to as DevSecOps). The design approach should include basic coding standards that help developers avoid building apps with exploitable bugs and operational vulnerabilities,” said Steve Lipner, executive director of SAFECode, a global nonprofit organization that brings business leaders and technical experts together to exchange insights and ideas on creating, improving and promoting scalable and effective software security programs.
New capabilities in CodeSonar 6.0 make it easier for developers to avoid security and safety defects by automating the detection of problems and identifying best practice violations within their development environments. Providing SAST embedded in continuous integration/continuous delivery (CI/CD) pipelines is a critical component for shifting left and baking security into DevOps workflows. Several key enhancements in CodeSonar include:
- Integrated visual representation of selected code for improved remediation of defects, eliminating the need for a separate developer interface
- Built in detection, alerts and reporting of Top 10 OWASP risks
- Increased granularity of CWE (Common Weakness Enumeration) vulnerabilities including format string type checking to facilitate communication on threats between developers and security team
- Code security and quality testing for both Android 11 based applications and the base operating environment which extends CodeSonar security to the Android platform
- Unification of Java, C and C++ testing in a single interface to eliminate workflow interruptions
- Support for 20 new C++ language features that enables customers to seamlessly extend security when new libraries and frameworks are adopted. These include spaceship operator, const init and concepts
- Updated support for GCC, IAR and Clang 10 compliers, and new support for Arm Clang compiler
“Reflecting the market in general, our customers are moving from post-build testing to making security an integral part of their development processes,” said Vince Arneja, Chief Product Officer for GrammaTech. “This latest release of CodeSonar builds on our powerful static analysis capabilities to detect potential vulnerabilities, while making it infinitely easier to integrate SAST within DevOps pipelines without interrupting or slowing down developers.”
CodeSonar 6.0 is available immediately from GrammaTech and its business partners worldwide. For more information or to obtain an evaluation please visit www.grammatech.com.
GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda MD with a Research and Development Center in Ithaca NY. Visit us at https://www.grammatech.com/, and follow us on LinkedIn and Twitter.
CodeSonar® is a registered trademark of GrammaTech, Inc.