GrammaTech: cybersecurity at forefront of CodeSonar 4.5 static analysis release
Software teams looking to improve code quality and security have an updated tool for their toolbox. GrammaTech announced immediate availability of CodeSonar 4.5, bringing a comprehensive set of enhancements, as well as static-analysis-as-a-service, to the advanced tool.
In addition to the technical updates of the tool, software teams can now reap the benefits of higher code quality even faster with Software Assurance Services, GrammaTech’s offering of static analysis as an on-premises service. GrammaTech’s senior consultants will manage the static analysis workflows and processes, allowing customers to focus on resolving the defects reported even more efficiently.
CodeSonar 4.5 brings a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs have been introduced allowing software teams to rapidly build domain specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers. Additionally, improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations.
New checkers have been made available in CodeSonar 4.5 to detect malicious code that has purposely or inadvertently been added into code. These checkers help combat the rise of cybercrime within companies. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior). The new checkers highlight suspicious code before it can pose a problem in deployed systems.