CodeSonar Reviews

Name: CodeSonar
Brand: CodeSecure
Rating: 4.1 (7 reviews)

4.1 out of 5

7 reviews
87% willing to recommend

What is CodeSonar?

GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about CodeSonar, SonarQube Server (formerly SonarQube), Snyk and more!

CodeSonar is the #8 ranked solution in top Static Code Analysis solutions and #34 ranked solution in application security solutions. PeerSpot users give CodeSonar an average rating of 8.2 out of 10. CodeSonar is most commonly compared to SonarQube Server (formerly SonarQube): CodeSonar vs SonarQube Server (formerly SonarQube). CodeSonar is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 26% of all views.

Buyer's Guide

Application Security Tools

April 2025

Get the category report

Helped 845,485 peers since 2012

Featured CodeSonar reviews

Mathieu ALBRESPY

Intigration Developer at ez-Wheel

This is the first time I've used this kind of software. It was the only one we could apply to analyze with MISRA rules. At my new company, I tried to use Klocwork. I tried to use it, just once so I cannot compare it exactly with CodeSonar. I also have a plugin for my Visual Studio and I try to make it work. It's not easy, however, I don't think that we have this kind of functionality with CodeSonar. It can do some incremental analysis. However, since this feature is also available on CodeSonar, it would be a good idea to have a plugin on Visual Studio just to have a quick analysis.

Read full review

Manjunath Nada

Team Lead at a tech services company with 10,001+ employees

I am from the embedded domain, in which typically, our code works on the hardware. We follow a standard called MISRA guidelines. The MISRA guidelines were not appropriately reported. There were some flags or errors. I was working on C++ code and there were certain class categories, which were C standards, and were being reported in C++, where C++ is a higher-level language, some of those may not even be applicable in the latest C++ version that we had. The reporting could improve to make the solution better. In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category.

Read full review

Ben Mbarek

Embedded Software Engineer at a manufacturing company with 201-500 employees

I use CodeSonar for code framework quality validation CodeSonar has helped our organization because it detects dead and nonusable parts of code to create a more optimized code. In our microcontroller our memory flash is limited and this optimized code is very important. The most valuable feature…

Read full review

CodeSonar mindshare

Product category:

As of April 2025, the mindshare of CodeSonar in the Application Security Tools category stands at 1.4%, up from 0.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Valuable Features

CodeSonar excels in detecting memory leaks and runtime errors with exceptional speed and analysis. Its standout features include user-friendly GUI, efficient dead code detection, categorized classes for future bug predictions, precise logging, stable deployment, and scalability. CodeSonar uniquely identifies security threats, ensuring robust code. Users appreciate the ease of code surfing, buffer overflow and underflow detection, and web interface, which significantly benefit development teams by maintaining code consistency and identifying potential vulnerabilities.

"CodeSonar’s most valuable feature is finding security threats."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."

Room for Improvement

CodeSonar needs improvements in core architecture analysis and support for more programming languages like AngularJS and Node.js. It lacks a sound static analysis, which limits its market presence. The coding rules can be challenging to apply selectively. Users find the initial setup challenging and expensive, with insufficient focus on security standards. Reporting issues with MISRA guidelines exist, being overly generic. The licensing model restricts user sharing, hindering broader usage in large companies.

"There could be a shared licensing model for the users."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."

Pricing

Enterprise users find CodeSonar's pricing costly, often exceeding $100,000 per year depending on the project's source code size and number of licenses. Evaluators appreciate the tool's reliability, which justifies the expense for organizations seeking proven analysis capabilities. However, some suggest considering automated licensing models. CodeSonar is compared to alternatives like Coverity, both regarded as expensive. Buyers rate the pricing a four out of ten, reflecting sentiment towards its high cost.

"The application’s pricing is high compared to other tools."
"Our organization purchased a license to use the solution."
"The solution's price depends on the number of licenses needed and the source code for the project."

Popular Use Cases

Companies primarily utilize CodeSonar for static code analysis on C and C++ codes to uncover critical defects, security threats, or vulnerabilities. It is integrated into CI/CD pipelines, such as Jenkins, for continuous evaluation with code changes. Usage includes code quality validation and defect tracking, often in domains like defense. Many provide it as a service, analyzing vulnerabilities, performing triage, and offering insights, with application engineers supporting users facing technical challenges.

Service and Support

CodeSonar customer service and support are highly rated, with users praising its technical support as very good and helpful. Support is known for quick responses and knowledgeable assistance, particularly when handling integration issues or third-party code complexities. They offer valuable recommendations and users often rate them four or five out of five. The support team, being developers of CodeSonar, provides concrete solutions, demonstrating expertise and effectiveness in addressing user needs.

Deployment

CodeSonar's initial setup is generally considered simple and straightforward, though some users note challenges, particularly during upgrades rather than fresh installations. Deployment can be completed in one day, with integration taking a few hours. Users have mentioned delays due to the licensing model during integration with GitHub, suggesting that a shared license option could facilitate easier deployment. Despite some difficulties, customers find the setup relatively easy and express satisfaction after demos.

Scalability

CodeSonar is scalable with a good reputation among users, including developers and engineers. Multiple teams successfully utilized it on various projects without issues. Organizations find the tool effective for their needs and hint at increasing usage. Scalability ratings are high, with up to twenty users reported. The tool is well-regarded, enabling efficient performance in different settings. Users view CodeSonar's scalability as commendable, supporting their development requirements effectively.

Stability

Stability of CodeSonar is consistently praised. Users frequently refer to it as stable, noting scalability with no crashes experienced. They've utilized it extensively with no problems, consistently rating it highly in terms of reliability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Application Security Tools Buyer's Guide for additional reliable information.