Try our new research platform with insights from 80,000+ expert users
CodeSonar Logo

CodeSonar Reviews

Vendor: CodeSecure
4.1 out of 5
Leave a review

What is CodeSonar?

GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about CodeSonar, SonarQube Server (formerly SonarQube), Snyk and more!
CodeSonar is the #10 ranked solution in top Static Code Analysis solutions and #31 ranked solution in application security solutions. PeerSpot users give CodeSonar an average rating of 8.2 out of 10. CodeSonar is most commonly compared to SonarQube Server (formerly SonarQube): CodeSonar vs SonarQube Server (formerly SonarQube). CodeSonar is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 23% of all views.
Buyer's Guide
Application Security Tools
August 2025
Get the category report
Helped 866,088 peers since 2012

Featured CodeSonar reviews

Read more reviews

CodeSonar mindshare

Product category:
Application Security Tools
As of August 2025, the mindshare of CodeSonar in the Application Security Tools category stands at 1.5%, up from 1.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
CodeSonar1.5%
SonarQube Server (formerly SonarQube)22.4%
Checkmarx One10.3%
Other65.8%
Application Security Tools
 
 
Key learnings from peers

Valuable Features

CodeSonar excels in detecting memory leaks and runtime errors with exceptional speed and analysis. Its standout features include user-friendly GUI, efficient dead code detection, categorized classes for future bug predictions, precise logging, stable deployment, and scalability. CodeSonar uniquely identifies security threats, ensuring robust code. Users appreciate the ease of code surfing, buffer overflow and underflow detection, and web interface, which significantly benefit development teams by maintaining code consistency and identifying potential vulnerabilities.
  • "CodeSonar’s most valuable feature is finding security threats."
  • "The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
  • "The most valuable feature of CodeSonar is the catching of dead code. It is helpful."

Room for Improvement

CodeSonar needs improvements in core architecture analysis and support for more programming languages like AngularJS and Node.js. It lacks a sound static analysis, which limits its market presence. The coding rules can be challenging to apply selectively. Users find the initial setup challenging and expensive, with insufficient focus on security standards. Reporting issues with MISRA guidelines exist, being overly generic. The licensing model restricts user sharing, hindering broader usage in large companies.
  • "There could be a shared licensing model for the users."
  • "In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
  • "CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."

Pricing

Enterprise users find CodeSonar's pricing costly, often exceeding $100,000 per year depending on the project's source code size and number of licenses. Evaluators appreciate the tool's reliability, which justifies the expense for organizations seeking proven analysis capabilities. However, some suggest considering automated licensing models. CodeSonar is compared to alternatives like Coverity, both regarded as expensive. Buyers rate the pricing a four out of ten, reflecting sentiment towards its high cost.
  • "The application’s pricing is high compared to other tools."
  • "Our organization purchased a license to use the solution."
  • "The solution's price depends on the number of licenses needed and the source code for the project."

Popular Use Cases

Companies primarily utilize CodeSonar for static code analysis on C and C++ codes to uncover critical defects, security threats, or vulnerabilities. It is integrated into CI/CD pipelines, such as Jenkins, for continuous evaluation with code changes. Usage includes code quality validation and defect tracking, often in domains like defense. Many provide it as a service, analyzing vulnerabilities, performing triage, and offering insights, with application engineers supporting users facing technical challenges.

Service and Support

CodeSonar customer service and support are highly rated, with users praising its technical support as very good and helpful. Support is known for quick responses and knowledgeable assistance, particularly when handling integration issues or third-party code complexities. They offer valuable recommendations and users often rate them four or five out of five. The support team, being developers of CodeSonar, provides concrete solutions, demonstrating expertise and effectiveness in addressing user needs.

Deployment

CodeSonar's initial setup is generally considered simple and straightforward, though some users note challenges, particularly during upgrades rather than fresh installations. Deployment can be completed in one day, with integration taking a few hours. Users have mentioned delays due to the licensing model during integration with GitHub, suggesting that a shared license option could facilitate easier deployment. Despite some difficulties, customers find the setup relatively easy and express satisfaction after demos.

Scalability

CodeSonar is scalable with a good reputation among users, including developers and engineers. Multiple teams successfully utilized it on various projects without issues. Organizations find the tool effective for their needs and hint at increasing usage. Scalability ratings are high, with up to twenty users reported. The tool is well-regarded, enabling efficient performance in different settings. Users view CodeSonar's scalability as commendable, supporting their development requirements effectively.

Stability

Stability of CodeSonar is consistently praised. Users frequently refer to it as stable, noting scalability with no crashes experienced. They've utilized it extensively with no problems, consistently rating it highly in terms of reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Application Security Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise1
By reviewers
By visitors reading reviews
Company SizeCount
Small Business102
Midsize Enterprise90
Large Enterprise400
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
23%
University
11%
Computer Software Company
11%
Aerospace/Defense Firm
5%
Financial Services Firm
5%
Government
5%
Retailer
5%
Healthcare Company
4%
Transportation Company
4%
Educational Organization
4%
Comms Service Provider
4%
Media Company
3%
Non Profit
2%
Real Estate/Law Firm
2%
Recreational Facilities/Services Company
1%
Energy/Utilities Company
1%
Performing Arts
1%
Consumer Goods Company
1%
Construction Company
1%
Legal Firm
1%
Renewables & Environment Company
1%
Logistics Company
1%
Insurance Company
1%
Wholesaler/Distributor
1%
Leisure / Travel Company
1%

Compare CodeSonar with alternative products

Go!

Learn more about CodeSonar

CodeSonar customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY

Related questions

  • 278
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 14
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 78
What are the Top 5 cybersecurity trends in 2022?
  • 110
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 29
We're evaluating Tripwire, what else should we consider?
  • 7
Which application security solutions include both vulnerability scans and quality checks?
  • 734
Is SonarQube the best tool for static analysis?
  • 8
Why Do I Need Application Security Software?
  • 57
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?
  • 23
SAST vs. DAST: Which is better for application security testing?

Product Categories

Product Categories
Application Security Tools
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs CodeSonar Logo
SonarQube Server (formerly SonarQube) vs CodeSonar
Snyk vs CodeSonar Logo
Snyk vs CodeSonar
Checkmarx One vs CodeSonar Logo
Checkmarx One vs CodeSonar
Veracode vs CodeSonar Logo
Veracode vs CodeSonar
Mend.io vs CodeSonar Logo
Mend.io vs CodeSonar
OpenText Static Application Security Testing vs CodeSonar Logo
OpenText Static Application Security Testing vs CodeSonar
Qualys Web Application Scanning vs CodeSonar Logo
Qualys Web Application Scanning vs CodeSonar
Klocwork vs CodeSonar Logo
Klocwork vs CodeSonar
Semgrep vs CodeSonar Logo
Semgrep vs CodeSonar
Polyspace Code Prover vs CodeSonar Logo
Polyspace Code Prover vs CodeSonar
Helix QAC vs CodeSonar Logo
Helix QAC vs CodeSonar
Axivion Static Code Analysis vs CodeSonar Logo
Axivion Static Code Analysis vs CodeSonar
Understand vs CodeSonar Logo
Understand vs CodeSonar
See all alternatives
 
CodeSonar Reviews Summary
Author infoRatingReview Summary
Intigration Developer at ez-Wheel4.0No summary available
Team Lead at a tech services company with 10,001+ employees4.0No summary available
Senior Security Specialist at a computer software company with 51-200 employees4.5No summary available
Engineer at a manufacturing company with 11-50 employees5.0No summary available
Embedded Software Engineer at a manufacturing company with 201-500 employees3.5No summary available
Senior Solutions Architect at a tech vendor with 1-10 employees4.5No summary available
Team Leader in software dept at a tech services company with 11-50 employees3.5We use CodeSonar for static analysis to identify security threats. Its most valuable feature is threat detection. We previously used open-source tools but switched to CodeSonar for better security and integration. A shared licensing model would benefit our large company.