CodeSonar offers a potent tool for static code analysis, adept in detecting runtime errors and security vulnerabilities, with a fast deployment process and scalable capabilities. Its quick analysis and efficient web interface provide a strong basis for code quality validation.


| Product | Mindshare (%) |
|---|---|
| CodeSonar | 1.1% |
| SonarQube | 12.7% |
| Checkmarx One | 8.3% |
| Other | 77.9% |

| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 1 |
| Large Enterprise | 1 |

| Company Size | Count |
|---|---|
| Small Business | 110 |
| Midsize Enterprise | 68 |
| Large Enterprise | 258 |
CodeSonar specializes in identifying runtime errors, dead code, and security threats while providing features like code surfing and browsing. It offers a highly efficient web interface, though users find initial setup complex and highlight the need for better static analysis, broader language support beyond C and C++, and an improved licensing model. Despite these challenges, its integration with Jenkins and technical guidance support makes it a reliable choice for teams in defense and software quality assessment. Deployment is quick and easy, yet initial costs are a common concern among users.
What are the key features of CodeSonar?

CodeSonar is primarily implemented in industries like defense and companies prioritizing code quality. Teams utilize its static code analysis and threat detection capabilities, integrating with Jenkins for continuous integration workflows. Security checks post-builds and technical support are common, aiding in effective defect management.
| Author info | Rating | Review Summary |
|---|---|---|
| Integration Developer at ez-Wheel | 4.0 | I found CodeSonar stable and scalable, helping enforce MISRA rules and avoid bad code. However, it is expensive and initial setup, rule application, and upgrades can be difficult, and it lacks an IDE plugin for quick analysis. |
| Team Lead at a tech services company with 10,001+ employees | 4.0 | I found CodeSonar very helpful for DevOps, detecting buffer issues and future bugs. While stable, I believe its reporting needs improvement in differentiating C and C++ language standards and MISRA guidelines. |
| Senior Security Specialist at a computer software company with 51-200 employees | 4.5 | I use this stable, easily set up solution for static code analysis, effectively identifying defects and vulnerabilities for customers. While costly, it offers good code surfing and excellent support, fixing quality issues. I'd like more emphasis on security features and code standards. |
| Engineer at a manufacturing company with 11-50 employees | 5.0 | CodeSonar offers fantastic speed, stability, and support, and I find its GUI user-friendly. However, I believe it needs to become a sound static analysis tool to enhance its market competitiveness and adoption, despite its good runtime error detection. |
| Team Leader in software dept at a tech services company with 11-50 employees | 3.5 | We use CodeSonar for static analysis to identify security threats. Its most valuable feature is threat detection. We previously used open-source tools but switched to CodeSonar for better security and integration. A shared licensing model would benefit our large company. |
| Embedded Software Engineer at a manufacturing company with 201-500 employees | 3.5 | I value CodeSonar for optimizing code by catching dead parts, especially for our memory-limited microcontrollers. While stable and scalable, I wish it offered better coding rules to reduce reliance on other tools like MISRA C. |
| Senior Solutions Architect at a tech vendor with 1-10 employees | 4.5 | I rate CodeSonar 9/10. It's excellent for C/C++ memory leak detection, stable, and supported. I desire improved core architecture scanning, more languages (e.g., Node.js), and better pricing for this valuable tool. |

After each build, we ask CodeSonar to analyze the code, and we're checking to see if we are increasing or decreasing the number of issues on the code.
We were using MISRA rules to code, and due to the fact that we were using all these rules, it helped us at least to have a code that was the same between all the developers we had on the team. This is not a feature added by CodeSonar since other code-analysis tools could add it. However, from what I heard about all the other tools, the web interface is quite nice on CodeSonar.
The solution is stable.
It is quick to deploy.
It has been able to scale.
It was difficult for us to have a rule since we sometimes have an issue based on the rules we apply. I don't know if it's an issue with the MISRA rule or how CodeSonar applies rules. However, it was difficult for us to apply a rule, especially to a part of the code, and not apply it to the rest of the code. It's tricky to understand exactly how CodeSonar is analyzing the code. Basically, making rules not to be applied everywhere in the code is tricky.
The initial setup is difficult.
It was expensive.
I've used the solution for five to six months.
The solution is stable. We've never had any crashes.
I have found the solution to be scalable. I've used it on four other projects and never had a problem with it.
We have ten people using the solution right now. They are developers and engineers.
Technical support is helpful. We had an issue with part of the code being analyzed that we didn't want to be touched since it was a third-party code. It was difficult for CodeSonar to add a specific tool not to analyze this part of the code. We had to contact the support for that. They helped us.
Positive
This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules.
At my new company, I tried to use Klocwork. I tried to use it just once, so I cannot compare it exactly with CodeSonar.
I also have a plugin for my Visual Studio, and I try to make it work. It's not easy; however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.
The initial setup can be difficult.
I don't know if it was on an initial implementation, however, I had to do the upgrade on my side. We upgraded from one version to another one. However, I cannot remember the rules, yet I remember that it was difficult. In my case, it wasn't exactly a full fresh setup, it was an upgrade, and the upgrade was difficult.
It doesn't take too long to deploy the solution. You could do it in one day.
The issue is mostly how to make it usable for everyone, which is more complicated, however, the installation is quite easy.
I'm not sure of the exact pricing. However, I do know it is expensive.
The price is maybe a little bit too high. A free tool can do the analysis. However, it can be time-consuming just to develop a tool like that, and the company only buys that since it's reliable. When you want to prove that you make an analysis, you can say, "Okay, we used CodeSonar," and people say, "Okay, now I know that you use a reliable tool." If you do it by yourself, it can be difficult just to prove that your tool is also reliable. People who want to use an easy solution just buy this, even though it can be done manually.
I'm a customer and end-user.
I'm not sure which version of the solution we're using.
The manual is quite good. That said, you really have to follow the manual not to miss any steps, since some steps are not really described correctly. You really have to follow all the steps for the installation. Beyond that, there is not so much help on the internet.
I'd rate the solution eight out of ten. It's helped us a lot with some issues and has helped us avoid bad code.

CodeSonar was integrated into Jenkins.
We used CodeSonar for our DevOps when every code change was sent to our repository. There was a check enabled that was used to run CodeSonar for the submitted code.
The solution has helped out the organization because of the buffer usage. There was a vehicle identification number that we had to configure and since it was a string, it was common to use the buffer overflow. While that was happening, it did not get a valid VIN number for the vehicle. For this example, the solution was very helpful.
The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful.
It was comfortable logging into the solution and seeing all the warnings that are there in case we wanted to suppress them.
I am from the embedded domain, in which typically, our code works on the hardware. We follow a standard called MISRA guidelines. The MISRA guidelines were not appropriately reported. There were some flags or errors. I was working on C++ code and there were certain class categories, which were C standards, and were being reported in C++, where C++ is a higher-level language, some of those may not even be applicable in the latest C++ version that we had. The reporting could improve to make the solution better.
In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category.
I have been using CodeSonar for approximately three years.
CodeSonar is stable.
The scalability of CodeSonar is good. Our organization might increase the usage of the solution.
I rate the support from CodeSonar a four out of five.
Positive
We used one other solution prior to CodeSonar.
We have received a return on investment using CodeSonar.
Our organization purchased a license to use the solution.
We have not needed more than two people for the maintenance of the solution.
My advice to others is this is a needed tool if you are deploying something on a larger scale.
I rate CodeSonar an eight out of ten.
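The VIN buffer overflow described in this review, as an added C example that is not from the review or from CodeSonar: a constructed fixed-size VIN field copied without a bound, beside a hardened setter that validates length and character set before a bounded copy. The struct and function names are my own.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define VIN_LEN 17   /* a vehicle identification number is exactly 17 characters */

/* Constructed example of the defect class the reviewer describes: the field
 * holds the 17 characters but not the terminator, and strcpy() neither checks
 * the input length nor stops at the end of the buffer. Any 17-character input,
 * including a perfectly valid VIN, writes one byte past the field. */
struct vehicle_bad {
    char vin[VIN_LEN];
    int  year;
};

void set_vin_bad(struct vehicle_bad *v, const char *input)
{
    strcpy(v->vin, input);   /* CWE-120: unbounded copy into a fixed buffer */
}

/* Hardened form: room for the terminator, length and character set checked
 * before any write, a bounded copy, and a result the caller must check. */
struct vehicle {
    char vin[VIN_LEN + 1];
    int  year;
};

/* Returns 1 if input is a well-formed VIN and was stored, 0 otherwise. */
int set_vin(struct vehicle *v, const char *input)
{
    if (v == NULL || input == NULL)
        return 0;
    size_t n = 0;                                 /* bounded length scan */
    while (n <= VIN_LEN && input[n] != '\0')
        n++;
    if (n != VIN_LEN)
        return 0;                                 /* too short or too long */
    for (size_t i = 0; i < VIN_LEN; i++) {
        unsigned char c = (unsigned char)input[i];
        /* VINs use digits and upper-case letters, excluding I, O and Q */
        if (!(isdigit(c) || (isupper(c) && c != 'I' && c != 'O' && c != 'Q')))
            return 0;
    }
    memcpy(v->vin, input, VIN_LEN);
    v->vin[VIN_LEN] = '\0';
    return 1;
}

int main(void)
{
    struct vehicle v = {0};
    const char *samples[] = {"1HGCM82633A004352", "1HGCM82633A00435",
                             "1HGCM82633A0043520", "1HGCM82633A00435I"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i], set_vin(&v, samples[i]) ? "stored" : "rejected");
    return 0;
}
```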
Our company uses the solution to perform static code analysis for our customers.
We provide the solution as a service where we run the tool, identify any vulnerabilities, check triage, and output results.
Our team includes ten developers who focus solely on security reviews.
The solution effectively ensures that code is robust by identifying issues, defects, and potential vulnerabilities that may turn into security problems.
There is nice functionality for code surfing and browsing.
It would be beneficial for the solution to include code standards and additional functionality for security. A higher emphasis is currently placed on quality defects than on security items.
I have used the solution my entire career.
The solution is very stable and we have used it for a long time with no issues.
Technical support is very good and responds quickly. The support team actually developed the solution so they are very knowledgeable and provide concrete solutions.
The setup is simple and straightforward.
We implement the solution for our customers.
The solution requires a centralized server so managing disk space, coding style, and configurations is important. For large corporations, this likely requires an IT group for management.
The solution has a high total cost. Sometimes costs exceed licenses because administrators are needed to manage projects.
The ROI is that the tool fixes all quality problems and reduces vulnerabilities.
The solution's price depends on the number of licenses needed and the source code for the project. A project with a few million or more lines of source code will require multiple licenses.
For our use cases, the costs are typically above $100,000 per year.
Both the solution and Coverity are pricey.
We evaluated CodeSentry a year ago but did not need the tool.
Before implementing the solution, talk to technical support to get suggestions for products and implementations.
I rate the solution a nine out of ten.
A few of our customers are in the defense industry in India and they're using CodeSonar. In the company, we are from the support team, and in particular, we are application engineers, so if customers are facing technical issues with CodeSonar, we go to their labs and guide them on how to use the product, etc.
What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else.
I also like the GUI interface of CodeSonar because it's very user-friendly, and the tool also shows very precise logs and results.
In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it.
Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred.
I've been using CodeSonar for three months now, but because I'm very familiar with similar static code analysis tools such as Polyspace, I haven't faced any difficulties when using CodeSonar.
CodeSonar is a stable tool.
I found CodeSonar scalable. Everything was fantastic about the tool.
Technical support for CodeSonar was fantastic. I'm giving support a five out of five rating.
I've not seen how CodeSonar was set up because we just gave three to four demos to customers who have been very happy with the demos and have seen all capabilities of the tool, and those customers are planning to use CodeSonar for internal projects.
Deployment for CodeSonar was completed within fifteen to twenty minutes and was done by the in-house team.
I've seen ROI from CodeSonar.
I don't have knowledge on the licensing costs for CodeSonar because that part is handled by the sales team. I'm in the technical team.
My company is a distributor of CodeSonar from GrammaTech. In the last two months, my company officially signed with GrammaTech, so now my company is a partner of CodeSonar. I'm looking into CodeSonar and comparing it with different variants available in the market such as Polyspace, Coverity, and SonarQube, but my team is very much interested in pitching CodeSonar to the market. My team needs to show the strength, capability, feasibility, and integrity of the tool, and how it can be very helpful for the security and defense of businesses.
I had the chance to try CodeSonar within the last twelve months, and I'm using its latest version.
Pitching the tool to customers was very easy probably because those were corporate and government customers who understand the pitches, plus CodeSonar comes with a manual and it's one of the best things about the tool.
My company currently has fifty or so customers using CodeSonar, and there's a plan to increase its usage in the future.
I would rate CodeSonar ten out of ten, particularly because of the support it provides.
Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will be very beneficial for a large company site.
We have been using CodeSonar for two years.
I rate the application’s stability a nine out of ten.
My team consists of two to three developers who use CodeSonar. I rate its scalability an eight out of ten.
We have used a few open-source static analysis tools. We switched to CodeSonar for security, flexibility, and integration capabilities with multiple solutions.
The application is easy to deploy. Although, we have to wait in a queue while integrating it with GitHub because of the licensing model. There could be an option to share licenses for easier deployment. It takes a couple of hours to complete.
The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
I recommend CodeSonar to others and rate it a seven out of ten.

I use CodeSonar for code framework quality validation.
CodeSonar has helped our organization because it detects dead and nonusable parts of code to create a more optimized code. In our microcontroller our memory flash is limited and this optimized code is very important.
The most valuable feature of CodeSonar is the catching of dead code. It is helpful.
CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C.
I have been using CodeSonar for approximately three years.
CodeSonar is stable.
The scalability of CodeSonar is good.
We do not have very many people using this solution in my company.
I rate the support from CodeSonar a four out of five.
I have previously used MISRA C.
The initial setup of CodeSonar is simple.
I did not evaluate other solutions.
I rate CodeSonar a seven out of ten.
We use this for catching some of the critical defects at the source code level for C and C++ code.
The tool is very good for detecting memory leaks.
The scanning tool for core architecture could be improved. The core complex is something that we really need to analyze, but the complex feature as a whole is not present in the tool.
I would like CodeSonar to support many other programming languages, apart from C and C++. They should support things like AngularJS and Node.js, which are trending in the market right now.
The stability is quite good, it can scale up a millionth of one component, so that's quite stable.
There are currently twenty users. I don't know if there are any plans to increase that, but it is likely.
Their technical support is very good. We get good support from the USP. We had some issues when we wanted to integrate the solution along with other programs, but we got some good recommendations from them.
We didn't use another solution other than some of GrammaTech's control solutions, which were not reliable. That's the reason we had to go for a commercial one.
Pricing is a bit costly. They should come up with some automated licensing models, depending upon line support or something like that.
I would suggest trying out automated tools along with CodeSonar on your project, and you will find out that CodeSonar reports many more defects compared to other static analysis tools, so this is a very important tool.
I would rate CodeSonar as nine out of ten.