Integration with DevOps workflows and CI/CD pipeline: Shift-left testing with GrammaTech's CodeSonar 6.0
With CodeSonar 6.0, GrammaTech aims to integrate Static Application Security Testing (SAST) better into existing DevOps pipelines. In addition, according to the manufacturer, the new major release offers various visualization and analysis improvements.
CodeSonar 6.0 is designed to integrate deeply into DevOps-oriented processes and thus enable a shift left of security.
(Image: GrammaTech)
CodeSonar is a static security testing solution that allows developers to write secure code without having to change familiar workflows. According to GrammaTech, version 6.0 of the SAST solution offers some visualization and analysis improvements as well as additional language and compiler support.
Thanks to the GitLab integration, security checks can now be integrated directly into CI/CD (continuous integration and continuous delivery) processes. CodeSonar thus supports early testing in the development lifecycle (shift-left testing). Many of the innovations aim to automate the detection of security problems.
For testing C and C++, GrammaTech says it has improved the C++ parser; it now supports the language features of C++20 and offers analysis functions for Android 11. In addition, the models for several compiler types have been updated, new warning classes have been implemented, and the CWE (Common Weakness Enumeration) Broad Mapping has been refined and updated to CWE 4.3.
For the Java programming language, CodeSonar 6.0 includes the new Java analysis engine and, according to GrammaTech, covers CWE vulnerabilities more broadly. In addition, the latest release offers support up to Java 14 and full integration into the CodeSonar Hub.
In German-speaking countries, CodeSonar sales and support are handled by Verifysoft Technology GmbH, where free evaluations are also available. At the virtual Static Analysis Days 2021 on Wednesday and Thursday, 5 and 6 May, interested parties can also learn about the possibilities of SAST.