Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization

Posted on



The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements.

This release of CodeSonar includes improvements in support for Android, NetBSD 8, Visual Studio 19, the CWE 4.0 mapping and many usability improvements.


CodeSonar 5.3 expands support for MISRA-C, MISRA-C++ and AUTOSAR C++14 rules, resulting in higher quality code that is easier to maintain and certify. Many organizations base their own coding guidelines on these popular standards and combine them with metrics (such as the KGAS metrics) to track data points related to code complexity and comment density.

Tainted Data Improvements

We made a number of improvements to our tainted data tracking capability, especially where structs and classes are concerned.

Default Configuration

CodeSonar now allows you to select a set of pre-sets used by default for all projects, which alleviates the need for those pre-sets to be specified at analysis time. The configuration tool allows you to specify these at install time. Changes to default pre-sets have been made to improve usability. 

C++ Parsing

CodeSonar has improved support for C++-20 as well as compatibility with non-standard C++ language dialects which are understood by newer versions of compilers such as Clang and gcc, These updates improve parsing results for projects using these C++ dialects and are especially important when analyzing new bodies of code such as Android.


The HTML5 visualization tool used by CodeSonar has been extended with new usability features and a search feature.

NetBSD Support

CodeSonar is now available for NetBSD version 8.0, support for NetBSD Version 6.0 has been deprecated.

CodeSonar Certification and Tool Qualification

CodeSonar is pre-qualified against standards such as IEC 61508, ISO 26262 and CENELEC EN 50128 and can be used to develop software that needs to adhere to the highest levels of safety. Artifacts to assist in the qualification for DO-178C/ED-12C and DO-326A/ED-202 using DO-330/ED-215 are also available. For more details, see our previous post for more information.

Related Posts

Check out all of CodeSecure’s resources and stay informed.

view all posts

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now