27 April 2021
Tool specific news: Company Testwell CMT++/CMTJava Testwell CTC++ GrammaTech CodeSentry GrammaTech CodeSonar Imagix Events/Seminars ALL NEWS
CodeSonar 5.2 with Static Application Security Testing (SAST) Available
(Ithaca/New York/USA, Offenburg/Germany, 19 December 2019)
Version 5.2 of GrammaTech CodeSonar is now available for download. The new version of the Static Analysis Tools expands software teams' abilities to perform best-in-class Static Application Security Testing (SAST) across embedded and enterprise customers.
CodeSonar now supports AUTOSAR C++14, the latest C++ coding guidelines from AUTOSAR. With MISRA compliance included in previous releases, the addition of AUTOSAR support now sets CodeSonar at the forefront of the MISRA/AUTOSAR merging of standards.
The release of CodeSonar 5.2 also includes improved compiler support and open standards.
CodeSonar 5.2 continues its tight integration with JuliaSoft by supporting the latest release of the Julia engine, which provides high recall, high precision detection of security vulnerabilities in Java and C#.
Additionally, GrammaTech is expanding support for CodeSonar for Binaries.
The update is available as a free upgrade to eligible customers under active support and maintenance contracts. A 30-day trial of CodeSonar 5.2 is also available.
> Learn more.
Free Webinar: What is New in CodeSonar 5.2?
Tuesday, December 17, 11am EST (17:00 Uhr CET, Berlin, Wien, Zürich) and 8pm EST (02:00 Uhr CET, Berlin, Wien, Zürich)
This expansion expands the domain in which CodeSonar can help software teams perform Static Application Security Testing (SAST). Software teams from embedded to enterprise domains can use CodeSonar to improve the quality and security of their software.
We will use Docker to run CodeSonar on these applications and view the warnings in both CodeSonar’s web GUI and visualization tool as well as in Microsoft Visual Code.
GrammaTech honours Verifysoft for the "Top Overall Deal" in Fiscal Year 2019
(Ithaca/New York/USA, 10 October 2019)
Verifysoft sets another milestone in the history of the longstanding cooperation with GrammaTech, which is on persistent growth since the beginning of their cooperation in 2013. GrammaTech´s static code analysis tool CodeSonar is successfully used by many customers in german speaking countries, among other things at leading car manufacturers, but also in a lot of other sectors like medical care, aerospace and defending or the agricultural engineering technology to improve their quality management.
GrammaTechs webinars in autumn
(Ithaca/New York/USA, Offenburg/Germany, 15 August 2019)
Wednesday, September 25, 10:00 am EST, 04:00 pm CEST
In this webinar, GrammaTech will share how combining model driven analytical software development with static analysis provides the means to handle the increase in complexity and rapidly build robust, reliable and resilient cyber-physical systems based on strong foundations. Register here
Applying Aviation Cyber-Security via DO-326A / ED-202A
Wednesday, October 3, 12:00 pm EST, 06:00 pm CEST
This 1-Hour Technical Training webinar provides the basic info necessary to start planning your Aviation Cyber-Security needs to meed the year-end 2019 mandates. The new DO-326A (ED-202A), DO-355, DO-356 et al ecosystem is non-trivial but affects virtually everyone involved with aviation development and deployment. This AFuzion / Grammatech webinar prepares YOU to begin preparing TODAY for TOMORROW's threats, and mandates. Register here
Free Webinar: Preparing for ISO 26262 Version 2
(Ithaca/New York/USA, Offenburg/Germany, 13 August 2019)
Date: Tuesday, 13th August 2019, 06:00 pm CEST, 11:00 am EST
GrammaTech CodeSonar 5.1 Available
(Ithaca/New York/USA, Offenburg/Germany, 21 June 2019)
Grammatech has released version 5.1 of the static code analysis tool CodeSonar. The new version has the following new features and enhancements:
- CodeSonar now integrates with the static analysis tool named Julia for the analysis of Java and C#
- Support of SARIF (SARIF is a new standard for representing the results of static analysis tools. As the standard has not been finalized yet, CodeSonar supports importing and exporting the 11/28 version. This is compatible with the version of SARIF exported by the Clang Static Analyzer.
- Pylint Integration: CodeSonar now integrates with Pylint through SARIF. Warnings generated by Pylint can be imported into the CodeSonar user interface and managed just like other warnings.
- HTML 5 Visualization: There is a new interface for browsing call trees, invokable from the info window. This functionality will be extended in future releases to replace the old Java-based visualization applet.
- Enhanced Return Code Checking: The return code checker now covers many more functions than previously, covering libraries such as Qt, the GNU C Library, OpenSSL, the GLib GNOME Library, libPNG, and several others.
- C++-17 Support: CodeSonar now has better compatibility with C++-17, as is used by newer
- Decompiler for Intel 64-bit: The decompiler in CodeSonar for binaries can now show code decompiled from the Intel-64 instruction set architecture.
GrammaTech participates in the MISRA Committee / Merging of the MISRA C++ and AUTOSAR C++ Guidelines
(Ithaca/New York, Offenburg, 21 June 2019)
The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in C++.
Verifysoft’s partner GrammaTech is an active participant in the MISRA committee and is collaborating in merging these standards.
GrammaTech’s Vice President of Engineering Paul Anderson is now an official member of the MISRA committee and will be working with the other members to develop new versions of the MISRA standards. Learn more about MISRA C++ 2008 and AUTOSAR C++14 merger
Webinar with ARM and Wind River "Automotive Safety from the Ground Up: Hardware, OS and Static Analysis"
(Offenburg, 18 February 2019)
There are various software systems in a car, each with different security and safety requirements. In the webinar ARM, Wind River and GrammaTech highlight the capabilities on offer that help to build complex safety critical software systems.
ARM provides an overview on how their IP portfolio and the Arm Safety Ready Program enable customers to achieve functional safety. Wind River covers their operating system layer and how VxWorks works. This scalable, safety certified real-time operating system can provide OS features and flexibilities such as virtualization, in safety certifiable configurations.
Finally GrammaTech outlines how CodeSonar’s static analysis for source and binary helps write secure software. Furthermore, the section provides an overview on how the Tool Safety Manual, generated by CodeSonar’s Qualification Kit, guides users of static analysis in their safety argumentation.
Read the full article here.
Real World Benchmark for Static Code Analysis Tools
(Ithaca/New York, Offenburg, 4 February 2019)
Software development and quality managers that are looking to measure the benefit of static analysis can now use BugInjector, a tool that can inject Common Weakness Enumeration (CWE) based bug patterns into existing code bases, thus delivering real-world benchmarks. This independent real-world benchmarks have been created by GrammaTech under contract for the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and are now available in the Software Assurance Marketplace (SWAMP) at no cost.
"There is an urgent need for benchmarks, such as those from GrammaTech, to allow software developers to evaluate static analysis tools in a comprehensive and real-world setting," says Barton Miller, Professor of Computer Sciences at the University of Wisconsin – Madison and Chief Scientist of SWAMP. "Also, developers of static analysis tools now have the ability to enhance their tools or benchmark new static analysis technologies with realistic test cases. Integrating these benchmarks into the SWAMP platform increases their effectiveness and availability."
Read the post here.
New GrammaTech Blog Posts
(Ithaca/New York, Offenburg/Germany, 24 January 2019)
The Role of Static Application Security Tools (SAST) in DevSecOps is an article which explains the role of static application security tools (SAST) such as GrammaTech CodeSonar and how they can be used in Dev(Sec)Ops and continuous development pipelines to improve quality and security.
Read the post here.
An other GrammaTech post with the title How Does the OWASP Top 10 Apply to C/C++ Development? shows a top ten list of the most critical web application security risks and how static code analysis helps to avoid this risks.
Read the post here.
DARPA Awards GrammaTech $8.4M USD for Autonomous Cyber Hardening Technology
(Ithaca/New York, January 2019)
GrammaTech announced that it has been awarded a $8.4 million USD, 4-year contract from Defense Advanced Research Projects Agency (DARPA), an agency of the U.S. Department of Defense, to develop technology that generates and deploys secure configurations to commercial off-the-shelf (COTS) equipment rapidly and largely autonomously.
Read the full article here.