CodeSonar’s Integration with Microsoft Visual Studio


Microsoft Visual Studio continues, at 21 years old, to be a dominant integrated development environment (IDE) for developers of C, C++, Visual Basic and C# code. It is also a popular IDE for general C/C++ development even if the target application isn’t a Windows or .NET application. In fact, along with Eclipse, it’s a development environment in demand by our customers. Given this, we’ve updated our integration with Visual Studio to provide a comprehensive set of in-IDE features to bring CodeSonar static analysis right to the developer’s desktop.

Integrating Advanced Static Analysis into Visual Studio

The key to integrating static analysis into any IDE is to follow the platform's conventions for error and warning reporting. In this case, CodeSonar reports static analysis warnings in the same manner as the compiler does within Visual Studio, but marks them with a small GrammaTech logo to help differentiate the type of warning issued. Other key features include the ability to evaluate and set the status of warnings, access other warning information, and link to the warning in CodeSonar itself for the complete details. Here is a summary of features with a short demo video to follow:

  • Menu and toolbar for quick access to the CodeSonar features in Visual Studio.
  • View warnings in the editor as you would any other error or warning. These warnings are displayed in the code view and in the warning panels typically below the code view. Clicking on a warning in any location brings up a new panel that provides more details on the warning plus access to other parts of CodeSonar.
  • Show the warning path with the events that lead to the warning. The trace of the warning is navigable within the CodeSonar panel and back to the code view. This greatly simplifies the analysis needed to determine the veracity of the warning.
  • Perform permanent assessments on the warnings once the priority and accuracy of the warning have been determined. Any settings given to the warnings are persistent in the CodeSonar database in the same manner as the web UI.
  • List active warnings to perform further investigation on project-wide analysis. It’s then possible to open the web UI for CodeSonar to perform required actions as needed.
  • Kick off builds and new analyses within the IDE to make it quick and easy to see updated results based on recent fixes or code changes. This is a great way to ensure code has been analyzed and fixed before submitting to a build or source control.


Here is a quick video demonstration of the CodeSonar integration with Visual Studio.

