CodeSonar

CodeSonar, produced by GrammaTech, is source and binary code analysis software that finds critical defects that can crash systems, result in unexpected operations, threaten security, and more.

Features of CodeSonar
  • Employs advanced algorithms to analyze entire programs of millions of lines of code
  • Complies with coding standards
  • Provides efficiency tools that enhance team collaboration, quality metrics, and architecture visualization
  • Reduces development costs by identifying defects earlier in the process
  • Provides custom checks and metrics
  • Scalable
Pros of CodeSonar
  • Identifies hard-to-track defects that reside in deep parts of code structures
  • The powerful interface allows developers to easily navigate through code, compare elements, and identify issues
  • Provides native support for JPL
  • Contains strong report generation features, including text-only output and an advanced static analysis engine
  • Trusted to inspect some of the most sensitive software applications in use today
Cons of CodeSonar
  • Since static code analysis is performed, this software may not be able to identify defects found by a dynamic analysis
  • The tool is dependent on test scaffolds, and it may not notice defects that aren’t part of the scaffold
  • It generates a large amount of data which consumes resources and affects hardware performance
CodeSonar Reviews

CodeSonar is a leading code analysis tool. It is popular among major research entities, governments, and commercial enterprises for validating important software applications. For example, CodeSonar has been used to inspect software for NASA space missions, implantable medical devices, critical military applications, and more. CodeSonar claims to find more defects than any other tool due to GrammaTech’s recent advancements in concurrency and tainted dataflow analysis. When placed head-to-head with competing software in benchmarking tests, CodeSonar performs best in resource management, identifying static memory, and analysis of concurrency.

CodeSonar is effective at analyzing whole programs as well as incremental updates. It first uses a baseline analysis to inspect the entire program, and then it applies a parallel and incremental inspection process to validate daily changes. CodeSonar identifies fatal, critical, and innocuous defects, all of which have varying degrees of impact on a software system. Overall, this tool is designed for validating large-scale application development efforts. Its analysis engine can consume large amounts of resources, so it is recommended that analyses be run on high-performance machines. Aside from its higher level of resource consumption, it is a dependable and leading software quality tool.

Alternatives to CodeSonar

StyleCop

StyleCop is a small tool built on open-source code that is designed to analyze C# in order to determine its consistency with the coding syntax that StyleCop designates. Since the tool was designed

SonarQube

Free
SonarQube is code review and management software. The software is developed by SonarSource, which was founded in 2008 by Freddy Mallet, Simon Brandhof and Olivier Gaudin. Development of SonarQube

PyCharm

Paid
PyCharm is an IDE with a rich set of tools for Python developers. The software was developed by JetBrains, and it is available for Windows, Mac, and Linux. PyCharm will analyze, test, and debug

WhiteSource Software

WhiteSource offers an open source license management and security solution. WhiteSource automates the entire process of open source selection, approval, detection of vulnerable or problematic

JSHint

Free
New JSHint website. Anton Kovalyov Oct 1st, 2013. For the last couple of weeks I've been working on a new homepage for JSHint and today I'm proud to announce the new jshint.com! JSHint Website.

Clang

Free
Some of the goals for the project include the following:

Black Duck

Organizations worldwide use Black Duck Software’s solutions to ensure open source security and license compliance in their applications and containers.

Klocwork

Faster delivery of secure, reliable, and conformant code. As teams develop code with more features, shorter timelines, and stricter standards than ever before, it gets increasin

Kiuwan

Application security platform for every stage and all the stakeholders in the SDLC. OWASP, CWE, PCI-DSS, NIST

PyLint

Free
Python, pylint, pyreverse, code analysis, checker, logilab, pep8

Cppcheck

Free
Cppcheck is an analysis tool for C/C++ code. It detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.

Distcc

Developers of distcc. Mailing list at https://lists.samba.org/mailman/listinfo/distcc. - distcc