No more typing reviews! Try our Samantha, our new voice AI agent.
CodeSonar Logo

CodeSonar Reviews

Vendor: CodeSecure
4.1 out of 5
Leave a review

What is CodeSonar?

CodeSonar offers a potent tool for static code analysis, adept in detecting runtime errors and security vulnerabilities, with a fast deployment process and scalable capabilities. Its quick analysis and efficient web interface provide a strong basis for code quality validation.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about CodeSonar, SonarQube, Snyk and more!
CodeSonar is the #10 ranked solution in top Static Code Analysis solutions and #30 ranked solution in application security solutions. PeerSpot users give CodeSonar an average rating of 8.2 out of 10. CodeSonar is most commonly compared to SonarQube: CodeSonar vs SonarQube. CodeSonar is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 24% of all views.
Buyer's Guide
Application Security Tools
April 2026
Get the category report
Helped 893,221 peers since 2012

Featured CodeSonar reviews

Read more reviews

CodeSonar mindshare

Product category:
Application Security Tools
As of May 2026, the mindshare of CodeSonar in the Application Security Tools category stands at 1.1%, down from 1.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
CodeSonar1.1%
SonarQube13.6%
Checkmarx One8.8%
Other76.5%
Application Security Tools
 
 
Key learnings from peers

Valuable Features

CodeSonar excels in detecting memory leaks and runtime errors with exceptional speed and analysis. Its standout features include user-friendly GUI, efficient dead code detection, categorized classes for future bug predictions, precise logging, stable deployment, and scalability. CodeSonar uniquely identifies security threats, ensuring robust code. Users appreciate the ease of code surfing, buffer overflow and underflow detection, and web interface, which significantly benefit development teams by maintaining code consistency and identifying potential vulnerabilities.
  • "The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code."
  • "The solution is very stable and we have used it for a long time with no issues."
  • "It has helped us a lot with some issues and has helped us avoid bad code."

Room for Improvement

CodeSonar needs improvements in core architecture analysis and support for more programming languages like AngularJS and Node.js. It lacks a sound static analysis, which limits its market presence. The coding rules can be challenging to apply selectively. Users find the initial setup challenging and expensive, with insufficient focus on security standards. Reporting issues with MISRA guidelines exist, being overly generic. The licensing model restricts user sharing, hindering broader usage in large companies.
  • "The MISRA guidelines were not appropriately reported and there were some flags or errors."
  • "It would be beneficial for the solution to include code standards and additional functionality for security."
  • "It was difficult for us to apply a rule, especially to a part of the code, and not apply it to the rest of the code."

Pricing

Enterprise users find CodeSonar's pricing costly, often exceeding $100,000 per year depending on the project's source code size and number of licenses. Evaluators appreciate the tool's reliability, which justifies the expense for organizations seeking proven analysis capabilities. However, some suggest considering automated licensing models. CodeSonar is compared to alternatives like Coverity, both regarded as expensive. Buyers rate the pricing a four out of ten, reflecting sentiment towards its high cost.
  • "The application’s pricing is high compared to other tools."
  • "Our organization purchased a license to use the solution."
  • "The solution's price depends on the number of licenses needed and the source code for the project."

Popular Use Cases

Companies primarily utilize CodeSonar for static code analysis on C and C++ codes to uncover critical defects, security threats, or vulnerabilities. It is integrated into CI/CD pipelines, such as Jenkins, for continuous evaluation with code changes. Usage includes code quality validation and defect tracking, often in domains like defense. Many provide it as a service, analyzing vulnerabilities, performing triage, and offering insights, with application engineers supporting users facing technical challenges.

Service and Support

CodeSonar customer service and support are highly rated, with users praising its technical support as very good and helpful. Support is known for quick responses and knowledgeable assistance, particularly when handling integration issues or third-party code complexities. They offer valuable recommendations and users often rate them four or five out of five. The support team, being developers of CodeSonar, provides concrete solutions, demonstrating expertise and effectiveness in addressing user needs.

Deployment

CodeSonar's initial setup is generally considered simple and straightforward, though some users note challenges, particularly during upgrades rather than fresh installations. Deployment can be completed in one day, with integration taking a few hours. Users have mentioned delays due to the licensing model during integration with GitHub, suggesting that a shared license option could facilitate easier deployment. Despite some difficulties, customers find the setup relatively easy and express satisfaction after demos.

Scalability

CodeSonar is scalable with a good reputation among users, including developers and engineers. Multiple teams successfully utilized it on various projects without issues. Organizations find the tool effective for their needs and hint at increasing usage. Scalability ratings are high, with up to twenty users reported. The tool is well-regarded, enabling efficient performance in different settings. Users view CodeSonar's scalability as commendable, supporting their development requirements effectively.

Stability

Stability of CodeSonar is consistently praised. Users frequently refer to it as stable, noting scalability with no crashes experienced. They've utilized it extensively with no problems, consistently rating it highly in terms of reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Application Security Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise1
By reviewers
By visitors reading reviews
Company SizeCount
Small Business110
Midsize Enterprise71
Large Enterprise284
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
24%
Computer Software Company
8%
University
7%
Financial Services Firm
7%
Aerospace/Defense Firm
5%
Government
5%
Transportation Company
5%
Comms Service Provider
5%
Retailer
4%
Healthcare Company
4%
Construction Company
4%
Educational Organization
3%
Real Estate/Law Firm
2%
Performing Arts
2%
Non Profit
2%
Media Company
2%
Outsourcing Company
1%
Consumer Goods Company
1%
Renewables & Environment Company
1%
Legal Firm
1%
Logistics Company
1%
Recreational Facilities/Services Company
1%
Hospitality Company
1%
Energy/Utilities Company
1%

Compare CodeSonar with alternative products

Go!

Learn more about CodeSonar

CodeSonar specializes in identifying runtime errors, dead code, and security threats while providing features like code surfing and browsing. It offers a highly efficient web interface, though users find initial setup complex and highlight the need for better static analysis, broader language support beyond C and C++, and an improved licensing model. Despite these challenges, its integration with Jenkins and technical guidance support makes it a reliable choice for teams in defense and software quality assessment. Deployment is quick and easy, yet initial costs are a common concern among users.

What are the key features of CodeSonar?
  • Quick Analysis: Delivers fast runtime error detection and reporting.
  • GUI Interface: Offers a user-friendly experience for code browsing.
  • Scalability: Efficiently deploys across various environments.
  • Security and Code Detection: Identifies vulnerabilities and potential bugs.
  • Effective Configuration: Simplified log and analysis configuration.
What benefits can be seen in user reviews?
  • Detection of Code Vulnerabilities: Enhances security with robust threat detection.
  • Process Integration: Seamlessly integrates with DevOps tools such as Jenkins.
  • Scalable Deployment: Quickly adaptable in expanding environments.
  • GUI Usability: Highly efficient for technical teams to navigate.

CodeSonar is primarily implemented in industries like defense and companies prioritizing code quality. Teams utilize its static code analysis and threat detection capabilities, integrating with Jenkins for continuous integration workflows. Security checks post-builds and technical support are common, aiding in effective defect management.

CodeSonar customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY

Related questions

  • 227
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 154
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 274
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 243
What are the Top 5 cybersecurity trends in 2022?
  • 142
Which application security solutions include both vulnerability scans and quality checks?
  • 155
We're evaluating Tripwire, what else should we consider?
  • 358
Is SonarQube the best tool for static analysis?
  • 126
Why Do I Need Application Security Software?
  • 147
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?
  • 244
What is the difference between "data protection in transit" vs "data protection at rest"?

Product Categories

Product Categories
Application Security Tools
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube vs CodeSonar Logo
SonarQube vs CodeSonar
Snyk vs CodeSonar Logo
Snyk vs CodeSonar
Checkmarx One vs CodeSonar Logo
Checkmarx One vs CodeSonar
Veracode vs CodeSonar Logo
Veracode vs CodeSonar
CrowdStrike Falcon Cloud Security vs CodeSonar Logo
CrowdStrike Falcon Cloud Security vs CodeSonar
Mend.io vs CodeSonar Logo
Mend.io vs CodeSonar
OpenText Core Application Security vs CodeSonar Logo
OpenText Core Application Security vs CodeSonar
Sonatype Lifecycle vs CodeSonar Logo
Sonatype Lifecycle vs CodeSonar
GitHub Advanced Security vs CodeSonar Logo
GitHub Advanced Security vs CodeSonar
GitGuardian Platform vs CodeSonar Logo
GitGuardian Platform vs CodeSonar
Semgrep vs CodeSonar Logo
Semgrep vs CodeSonar
Qualys Web Application Scanning vs CodeSonar Logo
Qualys Web Application Scanning vs CodeSonar
Klocwork vs CodeSonar Logo
Klocwork vs CodeSonar
OpenText Static Application Security Testing vs CodeSonar Logo
OpenText Static Application Security Testing vs CodeSonar
Contrast Security Assess vs CodeSonar Logo
Contrast Security Assess vs CodeSonar
See all alternatives
 
CodeSonar Reviews Summary
Author infoRatingReview Summary
Intigration Developer at ez-Wheel4.0I found CodeSonar stable and scalable, helping enforce MISRA rules and avoid bad code. However, it is expensive and initial setup, rule application, and upgrades can be difficult, and it lacks an IDE plugin for quick analysis.
Engineer at a manufacturing company with 11-50 employees5.0CodeSonar offers fantastic speed, stability, and support, and I find its GUI user-friendly. However, I believe it needs to become a sound static analysis tool to enhance its market competitiveness and adoption, despite its good runtime error detection.
Team Lead at a tech services company with 10,001+ employees4.0I found CodeSonar very helpful for DevOps, detecting buffer issues and future bugs. While stable, I believe its reporting needs improvement in differentiating C and C++ language standards and MISRA guidelines.
Senior Security Specialist at a computer software company with 51-200 employees4.5I use this stable, easily set up solution for static code analysis, effectively identifying defects and vulnerabilities for customers. While costly, it offers good code surfing and excellent support, fixing quality issues. I'd like more emphasis on security features and code standards.
Team Leader in software dept at a tech services company with 11-50 employees3.5We use CodeSonar for static analysis to identify security threats. Its most valuable feature is threat detection. We previously used open-source tools but switched to CodeSonar for better security and integration. A shared licensing model would benefit our large company.
Embedded Software Engineer at a manufacturing company with 201-500 employees3.5I value CodeSonar for optimizing code by catching dead parts, especially for our memory-limited microcontrollers. While stable and scalable, I wish it offered better coding rules to reduce reliance on other tools like MISRA C.
Senior Solutions Architect at a tech vendor with 1-10 employees4.5I rate CodeSonar 9/10. It's excellent for C/C++ memory leak detection, stable, and supported. I desire improved core architecture scanning, more languages (e.g., Node.js), and better pricing for this valuable tool.