Expansion of Automation Capabilities for Complying with Leading Embedded Software Safety and Security Standards

CodeSonar static application security testing (SAST) tool now provides integrated support for meeting MISRA C 2023 and JSF++ for C++ standards

CodeSecure, formerly the products division of GrammaTech and a leading provider of application security testing products, today announced that the latest version of its CodeSonar SAST product (8.0) enables customers to further automate the development of embedded software that satisfies the leading security standards for safety-critical industries such as automotive, aerospace, critical infrastructure, and medical devices.

CodeSonar 8.0 now includes support for the updated MISRA C 2023 standard, which consists of over 350 mandatory, required and advisory rules that enforce safe coding standards, as well as guidelines for multithreading and atomic types. This addition is especially important as embedded systems continue to evolve, becoming more connected and intelligent in a wide range of physical products including automobiles. CodeSecure enables developers to meet this new standard by detecting and eliminating coding violations within their CI/CD orchestration pipelines without disrupting existing build processes.

“For embedded application developers, meeting safety and security standards is not their area of expertise and can delay projects when coding errors are discovered later in the product lifecycle,” said Vince Arneja, Chief Product Officer for CodeSecure. “The integration of leading standards including MISRA C 2023, JSF++ for C++, and others within CodeSonar allows engineers to build software that meets and exceeds the most stringent safety and security standards, knowing they will be alerted when and how they need to fix vulnerabilities.”

In addition to MISRA C 2023, CodeSonar 8.0 also supports other critical standards, including the JSF++ standard for C++ code, for developing high-integrity software in safety- and security-critical systems. By automating the implementation of JSF++ rules and recommendations, CodeSonar 8.0 helps ensure predictable behavior and reduce failures due to programming errors. JSF++ complements and builds on other standards like MISRA C++, which focuses primarily on reliability. CodeSonar has also achieved certification for use in ISO 26262 ASIL Level D, IEC 61508 SIL4, and EN 50128 SIL4 projects.

For flexibility in meeting diverse organizational needs and ease of adoption, CodeSonar 8.0 supports several deployment models including air-gapped, on-premise, self-managed cloud, and Hybrid SaaS. With free training for users and flexible licensing that supports DevSecOps pipelines, CodeSecure enables customers to seamlessly integrate CodeSonar into their existing development environments and immediately begin producing more secure and reliable software.


CodeSonar 8.0 is available immediately from CodeSecure and its business partners worldwide.

About CodeSecure

CodeSecure is a leading global provider of application security testing (AST) solutions used by the world’s most security-conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. CodeSecure products enable rapid DevSecOps deployments while also securing their software supply chains. CodeSecure has corporate headquarters in Bethesda MD and publishes TalkSecure, an educational resource for product software developers. Visit us at http://www.codesecure.com and follow us on LinkedIn and X.

CodeSonar® and CodeSentry® are registered trademarks of CodeSecure, Inc.
