Eliminate security and safety issues with CodeSonar's source code and Binary analysis
CodeSonar employs a unified dataflow and symbolic execution analysis that examines the computation of the complete application. By not relying on pattern matching or similar approximations, CodeSonar's static analysis engine is extraordinarily deep, finding 3-5 times more defects on average than other static analysis tools.
Broad coverage of security vulnerabilities, including OWASP Top10, SANS/CWE 25. Support for third party applications through byte code analysis.
Integration into DevSecOps to improve quality of the code and developer efficiency. Find code quality and performance issues at speed.
Checkers that detect performance impacts such as unnecessary test for nullness, creation of redundant objects or superfluous memory writes.
How does static analysis work?
Like a compiler, CodeSonar does a build of your code using your existing build environment, but instead of creating object code, CodeSonar creates an abstract model of your entire program. From the derived model, CodeSonar’s symbolic execution engine explores program paths, reasoning about program variables and how they relate. Advanced theorem-proving technology prunes infeasible program paths from the exploration.
DevSecOps - Speed and Scale
Software developers need rapid feedback on security vulnerabilities in their code. CodeSonar can be integrated into software development environments, works unobtrusively to the developer and provides rapid feedback.
Static analysis is an important technology for developing software that needs to achieve high levels of functional safety. CodeSonar is pre-qualified for the highest levels of safety for the IEC 61508, ISO 26262 and CENELEC EN 50128 standards by Exida. Artifacts for qualification according to DO-178C / DO-330 are also available.
Finding problems is not sufficient, the developer needs to understand the problems that have been uncovered. CodeSonar provides comprehensive code understanding capabilities, helping developers understand and fix issues rapidly.
Software Supply Chain Security Platform
CodeSentry is derived from GrammaTech’s ground-breaking binary code analysis research. This technology achieves deep scalable analysis without the need for source code and is suitable for enterprise-wide adoption. Binary analysis is both efficient and less error prone than conventional SCA tools and due to CodeSentry’s high precision and recall results in fewer missed vulnerabilities and fewer false positives. The key advantage of CodeSentry is the ability to interrogate – at the binary level - both open-source software and the third-party software that is now so commonly used.
Software Bill of Materials
CodeSentry creates a detailed software bill of materials (SBOM) and lists known vulnerabilities in the detected components including any dependencies. CodeSentry continuously tracks these vulnerabilities throughout the software lifecycle. CodeSentry enables all your applications to be audit ready without rework or guesswork. The SBOM can be embedded along with each application making audit requests more reliable.
Vulnerability Report and Security Score
CodeSentry detects both N-Day and Zero-Day vulnerabilities in discovered open source components. By providing a high-level security score and detailed vulnerability reports, CodeSentry delivers visibility into hidden vulnerabilities and remediation information for third-party code and commercial-off-the-shelf software.
Deep Binary Analysis
CodeSentry’s binary detection capability is made possible with our deep scalable binary analysis.
This approach yields high precision and recall meaning less missed vulnerabilities and less false positives.
Software Re-Use Risk Management
CodeSentry allows security professionals to measure and manage the risk associated with third-party software quickly and easily. Achieved with a powerful combination of deep binary analysis, detailed software bill of materials (SBOM) and a comprehensive list of known vulnerabilities. Tracked and managed throughout the software lifecycle.
What is CodeSentry Binary Software Composition Analysis?
CodeSentry uses multiple component matching algorithms that provide speed and accuracy of component detection across different Instruction Set Architectures (ISAs) and compilers. These algorithms compute and compare code signatures using properties ranging from lexical information such as the contents of strings, up to deep semantic abstractions of the high-level logic contained in functions.