CodeSonar

Developer(s): CodeSecure, Inc.
Stable release: 7.3 / 8 May 2023 (2023-05-08)
Operating system: Cross-platform
Type: static code analysis
License: Proprietary

CodeSonar is a static code analysis tool from CodeSecure, Inc. It is used to find and fix bugs and security vulnerabilities[1] in both source and binary code.[2][3][4] It performs whole-program, inter-procedural analysis based on abstract interpretation of C, C++, C#, and Java source, as well as of x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track quality and security weaknesses. It supports Linux, BSD, FreeBSD, NetBSD, macOS and Windows hosts, as well as embedded operating systems and compilers.

CodeSonar provides information for every weakness found, including the trace through the source code that would trigger the bug as well as a call-tree visualization that represents how the weakness is related to the wider application.
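To make the terms above concrete, the following is an added illustration (not CodeSonar's code or algorithm) of what "inter-procedural abstract interpretation" and a "trace" mean in practice. It analyzes a toy program in a constructed mini-language using an interval domain: every integer variable is tracked as a range, call arguments carry their ranges into the callee, and a buffer index whose range can leave the buffer is reported together with the statement path and call chain that reach it. The program, statement forms and function names are all invented for this example; a real analyzer works on compiled code and a much richer domain.

```python
"""Toy inter-procedural interval analysis (added illustration, not CodeSonar code)."""
from math import inf

# Interval abstract domain: each integer variable is a (lo, hi) pair.
TOP = (-inf, inf)


def eval_expr(expr, env):
    """Abstractly evaluate an expression to an interval under environment env."""
    if isinstance(expr, int):
        return (expr, expr)
    if isinstance(expr, str):
        return env.get(expr, TOP)
    op = expr[0]
    if op == "input":  # external value known only to lie in [lo, hi]
        return (expr[1], expr[2])
    if op == "add":
        a, b = eval_expr(expr[1], env), eval_expr(expr[2], env)
        return (a[0] + b[0], a[1] + b[1])
    raise ValueError(f"unknown expression {op}")


def analyze(program, entry="main"):
    """Walk the program from `entry`, following calls, and collect overrun findings."""
    findings = []

    def run(fname, args, call_chain, trace):
        params, body = program[fname]
        env = dict(zip(params, args))  # callee sees the caller's argument ranges
        for i, stmt in enumerate(body):
            kind = stmt[0]
            trace = trace + [f"{fname}:{i} {kind}"]  # statement path to this point
            if kind == "assign":
                env[stmt[1]] = eval_expr(stmt[2], env)
            elif kind == "assume_lt":  # a bounds check narrows the range
                lo, hi = eval_expr(stmt[1], env)
                hi = min(hi, stmt[2] - 1)
                if lo > hi:
                    return  # path infeasible after the check
                env[stmt[1]] = (lo, hi)
            elif kind == "call":
                callee, arg_exprs = stmt[1], stmt[2]
                run(callee, [eval_expr(e, env) for e in arg_exprs],
                    call_chain + [callee], trace)
            elif kind == "index":  # buf[idx] where buf has `size` elements
                buf, idx, size = stmt[1], stmt[2], stmt[3]
                lo, hi = eval_expr(idx, env)
                if lo < 0 or hi >= size:
                    findings.append({
                        "kind": "buffer overrun",
                        "function": fname,
                        "buffer": buf,
                        "index_range": (lo, hi),
                        "size": size,
                        "call_chain": call_chain,
                        "trace": trace,
                    })

    run(entry, [], [entry], [])
    return findings


def call_graph(program):
    """Caller -> set of callees, the data behind a call-tree view."""
    return {f: {s[1] for s in body if s[0] == "call"} for f, (_, body) in program.items()}


# Constructed sample program: a length read from outside reaches an index
# in `fill` unchecked on the first call and checked on the second.
PROGRAM = {
    "main": ([], [
        ("assign", "n", ("input", 0, 20)),  # n in [0, 20], e.g. a length field
        ("call", "fill", ["n"]),            # unchecked: reported
        ("assume_lt", "n", 8),              # if (n < 8) ...
        ("call", "fill", ["n"]),            # checked: index stays in [4, 11]
    ]),
    "fill": (["len"], [
        ("assign", "i", ("add", "len", 4)),  # skip a 4-byte header
        ("index", "buf", "i", 16),           # buf has 16 elements
    ]),
}

if __name__ == "__main__":
    for f in analyze(PROGRAM):
        print(f["kind"], "in", f["function"], "index", f["index_range"],
              "size", f["size"], "via", " -> ".join(f["call_chain"]))
        print("  trace:", " ; ".join(f["trace"]))
    print("call graph:", call_graph(PROGRAM))
```

Run as a script it prints one finding: the first call to `fill` can index `buf` with a value in [4, 24] against a size of 16, reached via `main -> fill`, with the four-statement trace that produces it; the second call is silent because the `assume_lt` step narrowed `n` first. The same narrowing is why the analysis is path-sensitive in the limited sense that matters here: the check is part of the trace, so a reviewer can see exactly which guard (or missing guard) decides the outcome.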

  1. ^ Vitek, D. (2016). "Auditing Code for Security Vulnerabilities with CodeSonar". 2016 IEEE Cybersecurity Development (SecDev). p. 154. doi:10.1109/SecDev.2016.042. ISBN 978-1-5090-5589-0. S2CID 33024752.
  2. ^ Balakrishnan, Gogul; Gruian, Radu; Reps, Thomas; Teitelbaum, Tim (2005). "CodeSurfer/X86—A Platform for Analyzing x86 Executables". Compiler Construction. Lecture Notes in Computer Science. Vol. 3443. Springer. pp. 250–254. doi:10.1007/978-3-540-31985-6_19. ISBN 978-3-540-31985-6.
  3. ^ Gopan, Denis; Driscoll, Evan; Nguyen, Ducson; Naydich, Dimitri; Loginov, Alexey; Melski, David (2015). "Data-delineation in Software Binaries and Its Application to Buffer-overrun Discovery". Proceedings of the 37th International Conference on Software Engineering - Volume 1. ICSE '15. Florence, Italy: IEEE Press. pp. 145–155. ISBN 978-1-4799-1934-5.
  4. ^ Lim, J.; Reps, T. (April 2008). "A system for generating static analyzers for machine instructions" (PDF). Proc. Int. Conf. on Compiler Construction. New York: Springer-Verlag.