GrammaTech CodeSentry v4.0 Available

(Ithaca/USA, Offenburg/Germany, 13 September 2022)

Version v4.0 of the Binary Software Composition Analysis tool CodeSentry is now available.
CodeSentry v4.0 includes the following new features and enhancements:

New and Expanded Analysis Capabilities

• Support for open-source component detection in Mobile, Firmware, and Embedded software (a wide range of binaries are supported, including Android, iOS, VxWorks, QNX, Cisco and other popular embedded and firmware image formats)
• New support for binaries originating from C#, Go, and Java source code
• Detection of JavaScript and Python components and packages
• Expanded version detection to provide more accurate reporting of older and more vulnerable open-source components
• 11,000 new vulnerabilities have been added to the CodeSentry vulnerability database
• File system image formats such as ext2, ext3, VMDK and others can now be scanned

Improved User Interface

• The CodeSentry User Interface now has a Dark Mode option for easier viewing
• A summary of N-Day Findings is now available in the Detailed Vulnerability Report (PDF) to review the high-level security of detected components
• When uploading an artifact, the upload progress is now displayed in the UI

New On-Premise Installer

• The CodeSentry on-premise installer is now delivered via Replicated – this technology makes it even easier to deploy CodeSentry in an on-premise Kubernetes cluster or air-gapped network.

The complete release notes are available from GrammaTech's website.

GrammaTech CodeSonar 7.1 Available

(Ithaca/USA, Offenburg/Germany, 9 September 2022)

GrammaTech announces the general availability of CodeSonar version 7.1.
This release has several new features as well as numerous bug fixes, compatibility updates, and other minor improvements. The highlights are listed below; for more complete details, see the release notes at Grammatech web page.

Hybrid Cloud Deployment

• Provides greater deployment flexibility and efficiency.
• CodeSonar hub can now be hosted in a single-tenant AWS cloud instance within the GrammaTech Cloud, to securely support geographically distributed teams.
• Combines on-premises build with a CodeSonar hub hosted in the GrammaTech Cloud on AWS.
• Simplifies administrative tasks such as provisioning new users and instantly scaling up cloud resources to meet changes in code scanning needs.

Integrations

• CodeSonar now has full support for Visual Studio Code. The GrammaTech extension, which will be available on the Microsoft Marketplace shortly, allows your engineers to connect securely to a hub, upload an analysis, or download, view, and work with warnings directly in the IDE.

C/C++

• Support for the Tasking compiler on Linux.
• Upgrades to support the latest features of GCC 12 and LLVM 14.

Java/C#

• CodeSonar has added more code-style warnings for C# in addition to the deeper analysis it has always provided.

CodeSonar Hub

• The look-and-feel of the help system has been modernized.

CodeSonar for Binaries

• CodeSonar 7.1 includes the latest release of CodeSonar for Binaries.

Customers with an active maintenance contract will be entitled to an upgrade to the latest version.
Free trial licenses are available for companies which want to check possibilites to increase their development process and product quality.

Just for Run: Verifysoft at the Ortenau Running Night 2022

(Willstätt-Sand/Germany, 3 September 2022)

Verifysoft runs for success. With the motto "Just for Run" we were represented with two teams at the Ortenau Running Night
in Willstätt-Sand at the beginning of September. Even if it wasn't enough for the podium this time: We had a lot of fun!
We are always on the medal positions with our software testing tools - so that our customers' software development runs smoothly.
Check our YouTube video.

Verifysoft assigns Gopalam Embedded Systems Pte Ltd. as Distributor for Singapore and South Eastern Asia

(Singapore, Offenburg/Germany, 13 July 2022)

Verifysoft appointed Gopalam Embedded Systems Pte Ltd. as distributor for Testwell Tools for South Eastern Asia.
Gopalam Embedded Systems (GES) is based in Singapore and will serve our customers and prospectives in the ASEAN region (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam).
GES offers a wide range of highly integrated hardware and software embedded solutions from leading vendors across the world. The company supports the entire development life-cycle of embedded systems from design, development, debugging to verification and validation.
"We are excited to distribute Testwell CTC++, the leading Code Coverage Analyzer for embedded systems, in South Eastern Asia" state Mr. Gurunatham G.V. (CEO and president of GES) and Mrs. Pratibha Gopalam (Executive Director of GES). Klaus Lambertz, CEO of Verifysoft is convinced, that "GES is a perfect partner for expanding the usage of the Testwell tools in the ASEAN region".
More information about our distributors is available here.

With the bike to the job in the Eurodistrict / Au boulot à vélo: Verifysoft team drives more than 1000 kilometers!

(Offenburg/Germany, 28 June 2022)

The challenge "Au Boulot à Vélo" was already launched in 2009 by the bicycle club CADR67 and the Eurometropole Strasbourg. The aim is to encourage the use of bicycles on the way to and from work - and of course to have fun together.
Since the Challenge 2022 became a cross-border event, Verifysoft has been involved. About a third of our employees will be pedaling harder in June than they already have done the months before. We hope to get in a good mileage despite numerous vacation absences, a trade show and a conference at the end of June. We've already had a lot of fun so far - and the cyclists come to the office with a lot of "positive energy".
Before the end of the Challenge, our team had already cycled over 1,000 kilometers on their way to work. We have had a lot of fun: check our YouTube video.

Embedded World: Many Visitors at the Verifysoft Booth

(Nuremberg/Germany, 23 June 2022)

From June 21 to 23, 2022, Verifysoft informed numerous customers and interested people at our booth at Embedded World in Nuremberg about test and analysis tools as well as our seminar program.
After the "Corona break" we were very happy about the "business as usual".
More information is available on our web site and our Embedded World video

Software development and safety standards: webinars in the second half of 2022

(Offenburg/Germany, 23rd May 2022)

Benefit from the practical experience of an established specialist in testing, certification and implementation of safety standards and register for our webinars in the second half of the year.
Dipl.-Ing. Martin Heininger from HEICON Global Engineering, lectures on the following topics:
4th October 2022: Experience-based selection of software development measures and methods, which are required by ISO 26262. Information and registration
22nd November 2022: Proven verification process that simultaneously fulfils the standards IEC 61508, DIN EN 50128, EN 50567 and ISO 25119. Information and registration

GrammaTech CodeSentry v3.1 Available

(Ithaca/USA, Offenburg/Germany, 2nd May 2022)

Version v3.1 of the Binary Software Composition Analysis tool CodeSentry is now available.
CodeSentry v3.1 includes the following new features and enhancements:

• Software Bill of Materials can now be exported in SPDX format,
• CycloneDX SBOM format exports now include License and Supplier (Vendor) information where available,
• Security Attributes Service scans and results are now available via the UI,
  • Reports on binary security features such as ASLR, Stack Execution and more
• Enhanced Reports include new Scan Dashboard and Security Attributes Reporting
• Over 20,000 new and updated vulnerabilities including detection of the Log4Shell vulnerability
• Support for additional archive file formats
  • ISO, ext4, SquashFS

For further information watch our video

GrammaTech CodeSonar 7.0 Available

(Ithaca/USA, Offenburg/Germany, 27th April 2022)

GrammaTech announces the availability of the static code analysis tool CodeSonar version 7.0.
There are many ways our customers use CodeSonar to validate complex systems, build secure systems, and certify critical infrastructure that cannot fail. We hear from our customers that CodeSonar is an essential component of their portfolio of tools and that they value the accuracy of our results.

This release adds new features to help customers realize even more value from CodeSonar:

• Hybrid SaaS Deployment (beta for select customers). This is the first step in our CodeSonar modernization plans and will help us serve customers supporting distributed development teams. This deployment model will be fully available for all customers in the in 7.1 release.
• Our Microsoft IDE plugin now supports Visual Studio 2022, the most recent version from Microsoft.
• We have improved how our Jenkins plugin handles reporting when there are multiple, concurrent builds taking place, and we have updated the GitHub plugin to support the most up-to-date schema.
• User roles and permissions are automatically populated in the Hub from a customer’s LDAP or SSO service. This is going to save tool administrators a lot of time.
• 7 new SEI CERT-C, 6 new CERT-CPP, and 4 new CWE rules.
• Support for Metrowerks ColdFire 6 compiler (32-bit and 64-bit).
• Improvements to how the IAR compiler reports results for built-in functions. We used to report the functions as undefined, which was problematic for some customers.
• Update the C/C++ parser to EDG version 6.3. EDG is a class-leading parser and we are running the latest version of it.
• We have added code-style warnings for C# in addition to the deeper analysis we have always provided and improved the warning messages to help your customers diagnose why a warning is being reported.
• The CWE and OWASP reports in the Hub are updated to the 2021 standards.
• CodeSonar 7.0 includes the latest release of CodeSonar for Binaries.

Customers with an active maintenance contract will be entitled to an upgrade to the latest version. Free trial licenses are available for companies which want to check possibilites to increase their development process and product quality.

Verifysoft expands presence in China with Watertek as further Distributor

(Offenburg/Germany, Beijing/China, 12th April 2022)

Verifysoft appointed Watertek as further distributor for Testwell CTC++ Test Coverage Analyser in China.
Founded in 1997 and headquartered in Beijing, the company is focussed on embedded systems. Watertek became a public company in 2012 and has more than 3700 employees. Main branches are in Shanghai, Chengdu, Shenzhen, Xian and Hongkong.
“Testwell CTC++ is a leading code coverage analyzer with proven success for safety critical embedded software”, says Ms. Shen Fang from Watertek. “We are looking forward to a successful cooperation with Verifysoft.”
“We are excited to have Watertek as a strong partner in a country with high demand for software testing tools”, says Verifysoft-CEO Klaus Lambertz. “The Chinese market is very large, so that we need more presence in China in addition to our Beijing Siener Electronics, who is our distributor for China since 2016.”
More information about our distributors is available here.

Lithuanian Company Axioma Metering uses Testwell CTC++ to analyze Code Coverage

(Kaunas/Lithuania, Offenburg/Germany, 22nd March 2022)

Axioma Metering develops and manufactures ultrasonic heat, water metering and data management. The company which is a part of ICOR Group (one of the largest corporate groups in the Baltic States) has choosen Testwell CTC++ for measuring Code Coverage.
With Axioma as its first customer in Lithuania, Testwell CTC++ is now successfully used by over 700 customers in 41 countries to improve code quality.
"For deeper and more complete testing without a tool analyzing code coverage, it is difficult to assess how fully the unit testing has been completed", states Povilas Jakavičius, Strategic Procurement Manager of Axioma. "For our meters we use multi-condition coverage for which Testwell CTC++ generates clear and informative reports".
Read the User testimonial here / Access to all user testimonials.

Testwell CTC++ 9.1.4 with macOS Support Available

(Offenburg/Germany, 18th March 2022)

Verifysoft has released version 9.1.4 of Testwell CTC++ Test Coverage Analyser.
In addition to Windows and Linux, version 9.1.4 now supports macOS (Big Sur, Monterey) for x86_64 and arm64 (M1) architectures.
There are also some minor bug fixes. Learn more

Imagix 4D version 10.4 Available

(San Luis Obispo/USA, Offenburg/Germany, 8th March 2022)

Imagix 4D version 10.4 has been released. The focus of this new version is MISRA-C 2012. Imagix 4D 10.4 provides you with a checklist covering all MISRA-C 2012 directives and rules.
Moreover, there are some further minor enhancements:
- Additional display option 'By Origin' for probes in reviews set as default.
- Displaying probes with entries from different files in the same window.
- Creating call graph from architecture includes members from selected or visible subsystems.
More details are available in the release notes.
Customers with valid maintenance can download the new version from Imagix website.

First Aid for Old Code

(Offenburg/Germany, 4th March 2022)

Manufacturers must ensure the quality of their software throughout the entire lifecycle of a product. If new functions are added to older devices, but the documentation of the software is inadequate and no one really knows the old code anymore, this task becomes problematic.
Using medical device software as an example, our technical article describes a suitable procedure.
Read the article on our blog

Recorded Webinars about Code Coverage for Safety Critical Systems and Tool Qualifications Online

(Offenburg, 14th February 2022)

The recorded webinars of our US/Indian distributor Lexingtonsoft about Testwell CTC++ / Code Coverage for Safety Critical Systems and of Dr. Oscar Slotosch (Validas AG, Munich) about Testwell CTC++ Tool Qualification are now online on our YouTube Channel.
The presentation of Oscar Slotosch, one of the leading specialists for Tool Chain Qualifications, handles also the difference between Qualification and Certification of tools.

White-Box Testing in safety-related Projects: Recorded Webinar Online

(Offenburg, 31st January 2022)

Numerous participants at the webinar "White-Box Testing in safety-related Projects" with Dipl.-Ing. Martin Heininger with HEICON Global Engineering learned at the end of January about the five most important points for successful white-box testing in security-related projects:
- How are the expected functional test results determined?
- Which test methods are used to create normal range test cases?
- Which test methods are used to create robustness test cases?
- What role plays the structural source code coverage?
- How do you successfully and efficiently perform test reviews?
Missed the webinar? Have a look to the recorded webinar!

GrammaTech CodeSentry v3.0 Available

(Ithaca/USA, Offenburg/Germany, 25th January 2022)

Version v3.0 of the Binary Software Composition Analysis tool CodeSentry is now available.
CodeSentry v3.0 includes the following enhancements:

• Enriched vulnerability information
• 8 new fields including links to patches, component upgrades, and remediation information
• Open Source Component Licenses (GPL, BSD, etc) are now reported with the associated license risk
• New Zero-Day Shallow Scan with faster scanning times
• New Security Attributes Service
• Reports on binary security features such as ASLR, Stack Execution and more
• Enhanced CodeSentry Portal featuring new Application Dashboard and Custom Report Generation
• Expanded Component Database with improved component version detection
• Audit Logging of system activity is now available
• Support for additional archive file formats
• MacOS DMG (Extended), .pax archives, symlinks in archives