GrammaTech Expands SAST Reach with new version of CodeSonar

Posted on


CodeSonar 5.2 feature set expands software teams’ abilities to perform best-in-class Static Application Security Testing (SAST) across embedded and enterprise customers


December 2019


GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, today announces immediate availability of CodeSonar® 5.2. The features in this latest version of CodeSonar® provide software development organizations the capability to use a single tool to perform Static Application Security Testing (SAST) to further increase code security, quality, and safety covering both embedded and enterprise applications.

CodeSonar® now supports AUTOSAR C++14, the latest C++ coding guidelines from AUTOSAR. With MISRA compliance included in previous releases, the addition of AUTOSAR support now sets CodeSonar® at the forefront of the MISRA/AUTOSAR merging of standards.

The release of CodeSonar® 5.2 also includes improved compiler support and open standards,  with support for new versions of the IAR, GNU C, and CLANG compilers. Updates to C, C++-17, and C++-20 standards have also been incorporated, providing customers with the confidence that CodeSonar® support spans from old to new language features. GrammaTech continues its work on open standards including contributing to and supporting SARIF version 2.1. This support also means that CodeSonar® can work with the latest versions of IDEs such Microsoft VS Code.

CodeSonar® 5.2 continues its tight integration with JuliaSoft by supporting the latest release of the Julia engine, which provides high recall, high precision detection of security vulnerabilities in Java and C#.

Additionally, GrammaTech is expanding support for CodeSonar® for Binaries to include support for the Power architecture (PPC) in addition to the existing support for x86 and ARM architectures. The addition of the Power architecture support for CodeSonar® for Binaries widens the scope of the product to another key processor family used in embedded and server-based systems such as devices from NXP and IBM.

“Hundreds of customers in all industries use CodeSonar® as the SAST tool of choice when building software for businesses across embedded to enterprise domains. Some are developing their own software, and some are deploying third-party software,” says Vince Arneja, Chief Product Officer at GrammaTech.  “The commitment to open standards in this release of CodeSonar continues to drive value for our customers.”

With these updates, CodeSonar continues to provide developers SAST tools they can fine-tune to their domain and easily integrate into the code-review process while providing a single interface that scales easily across projects and languages. The update is available as a free upgrade to eligible customers under active support and maintenance contracts. A 30-day trial of CodeSonar® 5.2 is also available at


About GrammaTech:

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, automotive and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit or follow GrammaTech on LinkedIn.

CodeSonar is a registered trademark of GrammaTech, Inc.


Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now