Tool specific news: Company
Testwell CMT++/CMTJava
Testwell CTC++
CodeSentry
CodeSonar
Imagix
Events/Seminars
ALL NEWS
Newsletter
You wish to be informed about our latest product news and events?Register here for our Newsletter.
You will receive our news 2-4 times per year (cancellation of your subscription is possible at any time).
Your email and contact data will only be used for our newsletter and will not be forwarded to any other company.
Read our latest newsletter here.
GrammaTech CodeSonar: Integration with Microsoft Visual Studio
(Ithaca/New York, 27 November 2018)
Microsoft Visual Studio is still a dominant IDE for developers of C, C++, Visual Basic and C# code. It is also a popular for general C/C++ development even if the target application isn’t a Windows or .NET application. In fact, along with Eclipse, it’s a development environment in demand.
Paul Anderson, VP of Engineering at GrammaTech, explains in his latest publication how to integrate the Advanced Static Analysis Tool GrammaTech CodeSonar into Visual Studio. Learn more
GrammaTech Announces Integration of JuliaSoft into CodeSonar
(Ithaca/New York, 19 October 2018)
Software teams that build safety and security critical systems using Java, C#, or Android can now benefit from high recall, high precision, advanced static analysis. GrammaTech today announces support for these platforms thanks to the integration of the advanced static analysis engine Julia from JuliaSoft into GrammaTech CodeSonar. Today’s software projects are utilizing more and more languages. An IOT device may use C/C++ for the safety critical programmable logic control, while it uses Java to provide a flexible user interface. A medical device may use C inside a pacemaker or an infusion pump, but use C# or Android to provide a familiar user interface to end-users on top of mobile devices. Integrating Julia into CodeSonar provides high recall, high precision, advanced static analysis of multiple languages into a single user interface complete with team collaboration and visualization tools, making it easy for software development teams to deliver better software faster all the while reducing cyber security risk. About JuliaSoft: JuliaSoft is an innovative technology company specialized in software verification. Born as a University of Verona spin-off company in 2010, since June 2015 JuliaSoft is part of Corvallis Group, one of the top Italian IT service companies.
Learn more
GrammaTech is working on SARIF and SASP to foster integration with other development Tools
(Ithaca/New York, 15 October 2018)
As Static analysis tools are now very widely used, there is an increasing need to foster their integration with other software development tools.
Supported by the Static Analysis Tools Modernization Project (STAMP), GrammaTech is committed to working on SARIF (Static Analysis Results Interchange Format) and SASP (Static Analysis Server Protocol.
SARIF was originated at Microsoft, and is now a standard being developed under OASIS. This exchange format in JSON is designed to communicate not just results, but metadata about the tool, how it was invoked, timestamps, and so on.
SARIF is a very useful standard, but it is oriented towards batch execution of analysis tools. In order to encourage tools to communicate actively, a protocol is needed. GrammaTech is proposing SASP (Static Analysis Server Protocol) to fill this gap.
> Learn more
Crank Software Achieved Great Results with GrammaTech CodeSonar
(Ithaca/New York/USA, 9 October 2018)
Crank Software's products and services enable R&D teams and user interface (UI) designers to quickly and collaboratively develop rich, animated UIs for resource-constrained embedded devices.
Software quality and security are paramount for Crank Software. In addition, they must deliver their software with the same level of quality on over 55 different target hardware platforms.
In order to achieve their quality goals, Crank Software’s development team is using CodeSonar’s advanced static analysis capability to help find and fix quality and security issues within their code. In particular, they were looking for tools that could be dropped into their process and would quickly create improvements.
Crank’s development teams integrated CodeSonar into their production process, static analysis is used as soon as code is created or changes are made. Since issues are being caught and fixed very early in the coding process, they are seeing quantifiable results. CodeSonar is well suited for analyzing code right as it understands the code given sufficient information such as header files for the embedded OS.
As a result, of their use of CodeSonar they’ve also improved their end product and Crank Software is better-positioned for the certifications needed to drive greater adoption.
Learn more: GrammaTech Blog
Software quality and security are paramount for Crank Software. In addition, they must deliver their software with the same level of quality on over 55 different target hardware platforms.
In order to achieve their quality goals, Crank Software’s development team is using CodeSonar’s advanced static analysis capability to help find and fix quality and security issues within their code. In particular, they were looking for tools that could be dropped into their process and would quickly create improvements.
Crank’s development teams integrated CodeSonar into their production process, static analysis is used as soon as code is created or changes are made. Since issues are being caught and fixed very early in the coding process, they are seeing quantifiable results. CodeSonar is well suited for analyzing code right as it understands the code given sufficient information such as header files for the embedded OS.
As a result, of their use of CodeSonar they’ve also improved their end product and Crank Software is better-positioned for the certifications needed to drive greater adoption.
Learn more: GrammaTech Blog
Release of CodeSonar 5.0. with many highlights
(Ithaca/New York/USA, Offenburg, 20 August 2018)
GrammTech releases version 5.0. of the Static Code Analysis Tool CodeSonar with an increased language coverage with C# and support for Microsoft Visual Studio and Chinese language support, new copy and paste checker and binary code analysis decompiler increases the reach of CodeSonar across the enterprise. Further new features are:
- C# Analysis with FxCop
- Eclipse Integration
- C++ Compatibility
- Role-based Access Control Improvements
- Copy-Paste Error Plug-in
- Floating Point Warning Classes
- SARIF Importer Plug-In
DARPA Awards GrammaTech $6.2M for Autonomous Botnet Neutralization Research
(Ithaca/New York, July 2018)
GrammaTech, a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced today that it has been awarded a $6.2 million, 4-year contract from Defense Advanced Research Projects Agency (DARPA), a division of the U.S. Department of Defense, to perform research and development into cutting-edge techniques for creating safe and reliable autonomous software agents that can effectively counter botnets and large-scale malware. The goal of GrammaTech’s contribution is to create an automated neutralization system to improve reaction time of malware interception, thereby autonomously decreasing a botnet's impact. This technology will identify infected devices, and then deploy neutralization agents without requiring the system to be taken off-line.
Read the full article here.
Joint Webinar of AFuzion and GrammaTech: Safety, Security and Agile Development - Pick Any 3
People often connect safety and security with archaic development methodologies: strict processes, long development times, big budgets and waterfall development starting from requirements. However, that is no longer the case. Yes, developing safe and secure software takes more time and more skill. Today, we can now be agile, innovative, safe, and secure at the same time. And this is crucial, embedded software is taking a more critical role in our lives and we need that software to be developed quickly, securely and safely. AFuzion and GrammaTech have been in the trenches with developers building hundreds of systems that control aircraft, power and water, cars, industrial automation, electricity delivery, trains, and many more. In this webinar, the leader in safety training and consulting and the leader in static analysis for embedded will walk you through how to combine the V-model with Agile development and how tooling can assist in making safe development easier on your team.
Link to Registration Page: https://app.livestorm.co/grammatech-1/webinar-47836523
Detecting the Beep Vulnerability with CodeSonar
(Ithaca/New York, 3 May 2018)
The error in beep.c was deteced with the static analysis tool GrammaTech CodeSonar.
Read the whole article from the GrammaTech Blog here.
24/7 online training for GrammaTech CodeSonar available
There is an online training for GrammaTech CodeSonar available. You have 24 hours per day, 7 days a week access to helpful webinars and tutorials 24 hours per day. The price for this training depends on the license and the amount of users.
Please contact us for pricing.
Please contact us for pricing.
Performance Optimization with Static Code Analysis
(Offenburg/Germany, Ithaca, New York/USA, 19 April 2018)
As the static code analysis tool GrammaTech CodeSonar parses the exact same source code that the compiler uses to create the final executable, the tool can be used for optimizing the performance of your application.
Royd Lüdtke, director for Static Code Analysis at Verifysoft Technology, explains how GrammaTech CodeSonar can be used for performance optimization.
Read the paper here.
New Webinars: "What's New in CodeSonar?" and "Static Analysis for Automotive"
Static Analysis for Automotive: When people talk about static analysis for automotive application the term MISRA-C immediately pops up. However, MISRA is only one part of static analysis, especially when the automotive supply chain is involved. Tier 1 suppliers integrate technologies from other parties, this technology often involves software, often in the form of binaries. This impacts static analysis. Doing advanced static analysis for automotive means that you can perform static analysis when libraries from your suppliers are present. This webinar looks at how GrammaTech CodeSonar can help automotive suppliers perform advanced, whole program static analysis in the presence of libraries from lower tiers. Register now for GrammaTech's webinar on Tuesday, April 24th 2018 - 5:00 PM (CET, Berlin, Paris).
Embedded World 2018: Verifysoft and GrammaTech with new Testing Technologies for Embedded, M2M, and IoT Devices
(Nuremberg/Germany, 1 March 2018)
One of the innovations was a new user interface for the Code Coverage Analyser Testwell CTC++ which allows to switch between different Coverage Levels.
GrammaTech CodesSonar checks now also binary libraries which are commonly used in embedded development.
Development teams are utilizing legacy code, open source, 3rd-party, and new proprietary code, to develop software for new devices that are being deployed to highly connected ecosystems, exposing them to new risks – including serious cyber threats.
Thanks to the Binary Analysis, GrammaTech CodeSonar increases now the security of this software significantly.
GrammaTech is working on a groundbreaking technology that combines static and dynamic analysis techniques. A completely new plug-in for CodeSonar which detects state violations during host-based testing by analyzing memory usage will be available later this year. For developers, this means more efficiency, less security risks, and shorter time-to-market.
Learn more and watch our video here.
GrammaTech Extends the Reach of Static Analysis by Combining Static Analysis for Source and Binary with Dynamic Analysis
(Ithaca, New York/USA, Offenburg/Germany, 16 February 2018)
CodeSonar is the first static analysis tool that can extend source code static analysis into libraries that are only available in binary form through its CodeSonar/Libraries plugin. The tool adds the capability to seamlessly switch between source and binary analysis as it examines possible paths through the program. This results in a net increase of the number of problems detected in the user’s source code. Many software development projects use binary libraries with content from third party vendors, or from existing legacy code. Examples of these include firmware, operating system libraries, graphical user interface subsystems, or middleware layers such as CORBA, DDS, MQTT or others.
CodeSonar/X is a ground-breaking new capability connecting static analysis with dynamic analysis to help software developers improve efficiency, further reduce risk and decrease time-to-market. This plug-in for GrammaTech’s CodeSonar reports state corruptions during host-based testing by monitoring memory access. It combines static and dynamic violations and reports them in the CodeSonar User Interface, helping engineers correlate and prioritize.
CodeSonar/Libraries is available now, with CodeSonar/X following later this year.