GrammaTech CodeSonar®
Compliance with Standards

The safety and reliability of embedded systems is essential, because they are used for safety-related applications. For that reason embedded systems are one of the most tested and governed software by standards. Standards such as MISRA, DO-178C (Aerospace), IEC 61508 (Industry), ISO 26262 (Automotive), and IEC 62304 (Medical) make software safer and continue to gain traction globally.

Static analysis simplifies the enforcement of coding standards across teams, improving the overall compliance for a required certification standard and quality of the code. GrammaTech CodeSonar helps teams:

• Build the necessary skills and understanding of the certification process through training and coaching.
• Implement automated enforcement through the deployment of GrammaTech CodeSonar.
• Support the documentation requirements of code analysis, supporting standards that include MISRA C, MISRA C++, CERT C, CERT C++, and more.

CodeSonar helps to meet the certification requirements for the following software standards:

• Autosar C++ 2014
• MISRA
• DO-178
• FDA
• ISO 26262
• BSI rules
• CWE
• JPL rules
• Power of 10

Achieving compliance needs more than comprehensive testing. The verification procedure requires auditing, documentation, and workflow tracking within in the development process. The unique advantage of CodeSonar is that the certification capabilities are built directly into the software. Add-ons or other second-tier products are not necessary.

Moreover CodeSonar offers the following advantages:

• Objective Reporting and Auditing
  To pass certification tests CodeSonar´s integrated compliance capabilities provide objective third-party traceability reporting.
• Less Code Complexity
  The lower the complexity of the codebase, the higher is the quality and security of the application. CodeSonar supports the reduction of the code complexity and the achivement of industry standards.
• Integration of Compliance Throughout Development
  CodeSonar can be simply integrated in existing development processes and workflows without affecting the existing testing and QA practices.

The tool itself has been certified for "use in the development of safety-critical software," up to the highest safety integrity levels for

• ISO 26262
• EN 50128
• IEC 61508

Certification was performed by SGS-TÜV Saar GmbH, an independent third party certification body for functional safety, which examined the quality and compliance of the software development processes and Functional Safety Management of CodeSonar to the given standards. The certification process reviews and confirms:

• Functional safety
• Modification, configuration, and release management
• Verification and validation
• Customer support and bug tracking
• Safety information in the product documentation
• Ongoing surveillance in development process and change management