FAQs

CodeSonar FAQs


Frequently asked questions for CodeSonar, GrammaTech’s static application security testing solution.

CodeSonar introduces static application security testing (SAST) findings into your SDLC processes and integrates into your software project management and continuous integration and deployment (CI/CD) workflows, as well as your developer IDEs. Defects identified are persistent and tracked across builds even if its location changes. Presented as warnings, they can be annotated, ranked, assigned, searched, and compared, as well as maintained as part of the historical record of warnings. CodeSonar is designed to support large teams and supports many team-tools out of the box.

Yes. CodeSonar can be deployed as a single tenant cloud application or as an on-premises solution, and as an air-gapped on-prem solution. A hybrid-cloud solution supports the deployment of the CodeSonar Hub into environments like AWS and GovCloud.

CodeSonar provides support for MISRA-C and MISRA-C++, AUTOSAR C++-14, CERT, DISA STIG, OWASP, CWE and many other standards.

CodeSonar supports integration with numerous SDLC and DevSecOps management tools including Jira, GitLab, GitHub, Docker, Jenkins, Eclipse, Visual Studio, Visual Studio Code, and Qlik.

CodeSentry FAQs


Frequently asked questions about CodeSentry, GrammaTech’s Binary Software Composition Analysis Solution.

CodeSentry is derived from GrammaTech’s ground-breaking binary code analysis research. This technology applies software composition analysis (SCA) and achieves deep component results including open source software (OSS) without the need for source code. CodeSentry is suitable for enterprise-wide adoption and offers an extensive set of APIs.

CodeSentry supports environments across endpoints, embedded systems, firmware and mobile devices including operating system support for: Windows; Linux; macOS; RTOS; bare metal embedded software. Programming language support is provided for C; C++; Objective-C and object file compatibility for ELF; PE; Mach-0.

Yes. CodeSentry creates a detailed software bill of materials (SBOM) and lists known vulnerabilities in the detected components including any dependencies.

Yes. CodeSentry can be deployed as a single tenant cloud application or as an on-premises solution, as well as an air-gapped on-prem solution. CodeSentry also supports a SaaS option.

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now