27 April 2021
Tool specific news: Company
Testwell CMT++/CMTJava
Testwell CTC++
GrammaTech CodeSentry
GrammaTech CodeSonar
Imagix
Events/Seminars
ALL NEWS

Demonstration by CS Group USA on CodeSonar and LEAFS to Reduce Cost and Time in Software Development
(Ithaca/New York/USA, 3 December 2020)
Watch the recorded webinar interview now.

What is coming up next from GrammaTech - TechStrong.tv Interview with GrammaTech
(Ithaca/New York/USA, 19 November 2020)
Alan Shimel at TechStrong.tv sat down with Mark Hermeling on November 19 in this 18-minute interview to discuss all things GrammaTech and what is coming up next!
Speakers: Alan Shimel, Co-Founder and Editor and Chief of MediaOps, Security Blvd & Container Journal & Mark Hermeling, Senior Director of Worldwide Sales at GrammaTech.
Watch the interview here.

Webinar: Achieving Industrial Functional Safety with IAR and GrammaTech
(Ithaca/New York/USA, 16 November 2020)
IAR will discuss how their compilers can assist with a path to achieving functional safety. Additionally, IR will discuss how their C-STAT tool fast tracks coding standard conformance.
With GrammaTech’s recent functional safety certification in IEC 61508, ISO 26262 and CENELEC EN 50128, GrammaTech will cover how CodeSonar’s static analysis for source and binary helps engineers write safe and secure software by supporting them during the software development lifecycle with deep, whole program static analysis.
Learn more in GrammaTech's and IAR's video.

GrammaTech CodeSonar 5.4 Available
(Ithaca/New York/USA, Offenburg/Germany, 8 October 2020)
A new version of the leading static analysis tool GrammaTech CodeSonar has been released.This release has several new features as well as compatibility updates:
The C++ parser has been upgraded, which provides much better parsing of C++ 17, improved support for C++ 20, and better compatibility with compiler dialects. These changes now also allow parsing of the recently released Android 11.
There are several new warning classes, all of which address rules in MISRA C++ 2008 and AUTOSAR C++.
Subcommands for DevSecOps: There is an entirely new way to invoke additional CodeSonar functionality from the command line through the Python API. This makes it easier to integrate with CI/CD tools such as Jenkins/GitHub/GitLab or other DevSecOps tools.

8th Static Analysis Day 2021 – Save the Date
(Offenburg, 21 September 2020)
On Tuesday, March 9 the 8th static Analysis Day (SAD) will take place in Offenburg. From 10am to 5pm there will be various interesting presentations about static code analysis. Further information and details will follow shortly.Register here to benefit from our early bird discount.
You can't wait unil next year? Then watch the videos from last year's presentations here.

Functional Safety Certification with GrammaTech
(Ithaca/New York/USA, 4 September 2020)
GrammaTech is specialized in helping customers improve their software development processes. Many of our customers work with software that has to be certified to certain levels of functional safety, and we receive many questions on the ins-and-outs of functional safety.
With GrammaTech's recent functional safety certification through Exida in IEC 61508, ISO 26262 and CENELEC EN 50128, we thought it would be beneficial to invite members of Exida's team to discuss the most frequently asked questions we receive.
Learn more in GrammaTech's and Exida's video.

Webinar: Tools to Perform a Security Review on Unknown Code
In this webinar we will show you how GrammaTech and Imagix can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings of things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix comes in, it can overlay the path of the static analysis warning over a design that is reverse engineered from the source code. And that is just one of the many tricks.
Watch video here.

GrammaTech Acquires JuliaSoft to Expand Reach of CodeSonar® SAST Platform to Java and C#
(Bethesda (MD)/USA, 22 July 2020)
GrammaTech announced that it has acquired the intellectual property and assets of JuliaSoft S.r.l. (Italy) to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code.To provide customers with an integrated solution for reliably detecting security vulnerabilities and other defects in their embedded applications, the Julia Static Analyzer will be unified into the CodeSonar® platform. This will enable developers to perform static analysis of C, C++, Java and C# code and develop secure applications faster. The new language support extends automated detection of software vulnerabilities to enterprise use cases where safety and security are indispensable.
The Julia products will immediately extend CodeSonar’s market reach and differentiation by further expanding its depth and breadth whether the use case is achieving code checking, code quality, code security or adhering to coding standards.

Imagix 4D Enhances CodeSonar Results
(Ithaca/New York/USA, Offenburg/Germany, 8 July 2020)
Imagix 4D provides now enhanced interpretations of GrammaTech CodeSonar results to help developers understand, debug and fix the reported issues. Imagix 4D imports results in SARIF format for each warning reported and provides enhanced, graphical visualization of each, overlaying CodeSonar results (via SARIF) on to code analysis Imagix 4D has done from the same source.Imagix 4D illustrates an important use case for SARIF in extending static analysis results to enhance the understanding of warning results. Using visualization, developers can diagnose and fix bugs more efficiently.
...
> Learn more.

GrammaTech CodeSonar 5.3 Available
(Ithaca/New York/USA, Offenburg/Germany, 17 June 2020)
This release of CodeSonar 5.3p0 has several new features as well as numerous bug fixes, compatibility updates, and other minor improvements:Uninitialized Variable
The Uninitialized Variable warning class has been extended to apply to uninitialized fields of structs and classes, and other partially uninitialized variables.
Default Configuration
CodeSonar now allows you to select a set of presets to be used by default for all projects, which alleviates the need for those presets to be specified at analysis time.
C++ Parsing
Compatibility with non-standard C++ language dialects understood by newer versions of compilers such as Clang and gcc has been improved.
MISRA
There are several new MISRA C++ 2008 warning classes.
Visualization
The HTML5 visualization tool has been extended to allow expansion of layers in the call graph.
NetBSD
CodeSonar is now available for NetBSD version 8.0.
> Learn more.

Automotive Cyber Security Online:
Speaker Spotlight of GrammaTech
Join us at our session titled “Recognizing the Intersection of Safety and Security Across the Software Lifecycle” on Day Two.
All OEMs, Tier 1 Suppliers, Fleet Owners, Government and other End-Users can attend at no cost.
Register here.

Webinar: Best Practices for Software Trustworthiness in IIoT Applications
Tuesday, June 17, 11:00 am PST/10 am CST (8:00 pm CET, Berlin, Wien, Zurich)
Untrustworthy software can have a significant impact on industrial systems. That impact could range from machine down time to lives being at stake? Do you want to bet your company’s assets on untrustworthy software over the complete lifecycle of your equipment?In this webinar, we will provide a high-level overview of software trustworthiness for developers, owner-operators, and decision makers in industrial IIoT systems. We’ll address various aspects of creating, acquiring, and protecting software and provide practical and actionable best practices for recognizing untrustworthy software. We’ll also explain how you can mitigate the risks associated with untrustworthy software.
Register here.

Webinar: Right Tool / Right Methodology – Developing Safety and Security Critical Systems
Ithaca/New York/USA, Offenburg/Germany, 27 May 2020
• Are you prepared enough in your knowledge of Safety-Critical or DO-178C to be “experts in the subject”?• Have you considered Cyber-Security/ DO-326A and its impact on your software?
• Are you receiving RFPs that have a requirement to adhere to coding standards?
• Are you currently doing manual peer review of code?
• Does your static analysis check coding standards _and_ detect bugs?
• Do you need to analyze software of unknown provenance?
GrammaTech’s CodeSonar for static analysis will help you find more defects in your code faster. AFuzion will show you the gaps in your Safety-Critical methodology and train you to harness the talent of your team - so you can get down to the business of releasing cutting-edge DoD-certified technology sooner, with peace of mind.
Watch the video.

GrammaTech CodeSonar Refreshes IEC 61508, ISO26262 and CENELEC EN 50128 Certifications
(Ithaca/New York/USA, Offenburg/Germany, 6 May 2020)
Three fresh new functional safety certificates are now available for GrammaTech CodeSonar version 5.2p0 and later covering IEC 61508, ISO 26262 and CENELEC EN 50128.These certificates document that CodeSonar is qualified to be used to develop software that needs to be certified to the highest functional safety levels: SIL 4 for IEC 61508 and CENELEC EN 50128 and ASIL D for ISO 26262.
The three certificates are at the core of the Functional Safety Documentation Kit that GrammaTech offers as an add-on to CodeSonar. This documentation kit provides additional documentation that customers will need when they integrate CodeSonar into their processes...
> Learn more.

Webinar: Combining SAST, Shift Left, Lean and DevSecOps
Ithaca/New York/USA, Offenburg/Germany, 5 May 2020
Wondering what you can do to maximize the efficiency of your software development teams? This webinar will go beyond keyword bingo and walk you through how you can combine static analysis with concepts from Shift Left and DevSecOps to empower your software developers.The webinar will look at how static analysis provides benefits to Shift Left and DevSecOps. It will look at more than ‘defect detection’ and focus on flexible workflows that allow developers to focus on their deliverables and integrate static analysis into their workflows without overhead.
Whether you use GitHub, GitLab, raw git, SVN, RCS, ClearCase, TFS, Top, or any other tool, this webinar will help you understand where static analysis fits in your workflow and how CodeSonar can be used to integrate into our CI/CD pipelines.
The result: Better code quality, increased safety and security and satisfied developers. Watch the video.

CodeSonar Selected by the Joint Federated Assurance Center (JFAC) to Improve Confidence in Department of Defense Applications
(Ithaca/New York/USA, Offenburg/Germany, May 2020)
GrammaTech announces their collaboration with the Joint Federated Assurance Center (JFAC) to provide CodeSonar® for Source and Binaries to Department of Defense organizations, improving their software-assurance practices and helping them deliver more secure and resilient software systems.Part of JFAC’s mission is to identify and facilitate access to software- and hardware-assurance expertise. In choosing CodeSonar® for Source and Binaries, they enable member organizations to improve their security-vulnerability detection capability from development to operations.
CodeSonar® can now be used by DoD programs to detect cyber vulnerabilities in source code during the software development lifecycle, as well as during the deployment phase when only binaries are available. ...
> Learn more.

DARPA Awards GrammaTech $7.6M for Safety and Certification Research
(Ithaca/New York/USA, Offenburg/Germany, March 2020)
GrammaTech, Inc. announces that it has been awarded a $7.6 million, four-year contract from Defense Advanced Research Projects Agency (DARPA).Automated Rapid Certification of Software (ARCOS) is a DARPA program focused on generating evidence and assurance cases for a broad range of certification and/or accreditation standards. ...
GrammaTech is developing a set of tools for ARCOS that will enable the same testing strategies used for new software development to be employed for recertification of legacy software and provide better traceability, complete with rationale for why specific test results deliver sufficient requirements and structural code coverage.
In addition, these tools will scale and automate test generation, execution, and test-suite maintenance to achieve measurably improved test coverage and completeness and decreasing time to deployment. ...
> Learn more.

Recommended Application Security Testing (AST) Techniques
(Ithaca/New York/USA, Offenburg/Germany, 20 March 2020)
There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing”.Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, static analysis tools or static application security testing tools (SAST) play an important part in developing secure software.
This post looks at some of the findings from the report and how we believe advanced SAST tools like GrammaTech CodeSonar® can help with the challenges and implement the recommendations. ...
> Learn more.

Embedded World 2020: Interview with Mark Hermeling, GrammaTech´s Director of Product Marketing
(Nuremberg/Germany, 15 March 2020)
We already have dynamic analysis. So why do we need static analysis at all anymore?As Mark Hermeling, Director of Product Marketing for GrammaTech explains, dynamic analysis code testing tools may identify errors like NULL pointer dereferences or buffer overflows days or weeks after the original author has finished writing the code.
But with static analysis, you're able to find those code quality issues earlier in the development cycle, eliminating a lot of potential cost, headaches, and wasted time later on.
And, these static analysis tools can even be applied to more modern languages like Java, Python, and so on.
Watch the Video here