CIO Influence

GrammaTech Static Application Security Testing (SAST) Platform Extends DevSecOps to Embedded Software Development


CodeSonar Provides Native Integration with GitHub Actions and Helps Enforce Industry-Specific Security and Safety Standards

GrammaTech, a leading provider of application security testing products and software research services, announced the latest version of CodeSonar, which automates the detection of coding defects to accelerate the implementation of DevSecOps methodologies in embedded software development pipelines. CodeSonar now supports all leading development languages (C, C++, C# and Java) in one unified platform and integrates with GitHub Actions to provide native static application security testing (SAST) capabilities for embedded code. The new version also includes built-in industry-specific reports for security (CERT, OWASP) and safety (AUTOSAR, MISRA and more).



Comprehensive DevSecOps for Embedded Applications

Embedded software supports critical functions in industrial, automotive, aerospace, military and defense systems where failure is not an option. Ensuring the quality, security and safety of these systems begins with software development. CodeSonar provides transparent SAST capabilities that integrate with existing CI/CD pipelines, such as GitLab, Jenkins and GitHub, to automate the detection and remediation of coding defects throughout the software development lifecycle.

Iris ID, a leading developer and driver of the commercialization and adoption of iris technology, is using CodeSonar to support DevSecOps for a global team of developers to continuously ensure security and improve quality. “With CodeSonar, our developers can look at the code together, discuss the issues and understand why they were found so they can be quickly fixed,” said Jun Hong, Chief Technology Officer for Iris ID. “It has enabled us to make secure coding fundamental to the delivery of our products.”

In addition to existing integrations with Jenkins and GitLab, CodeSonar now integrates with GitHub Actions to provide developers a seamless DevSecOps experience. CodeSonar delivers SAST results directly into the GitHub code scanning UI, enabling development teams to shift left without disruption to their software development life cycle.

CodeSonar integration with GitHub Actions provides the developer community with additional options for adding SAST analysis directly into development workflows and pipelines. By specializing in SAST for embedded software development, CodeSonar enables developers using GitHub to focus on industry specific coding standards where security and functional safety are essential.

The new version of CodeSonar provides the following capabilities and benefits:

  • Industry leading language support in a single platform for C, C++, C# and Java that eliminates the need for multiple tools and provides a familiar user experience for all CI/CD pipelines
  • Support for security standards maps CERT rules and OWASP rules for C#, C/C++ and Java to CodeSonar warning classes to automate the detection of common coding errors
  • Built-in, industry-specific reports identify safety defects for automotive, aviation, government and other sectors and include AUTOSAR C++, Build-Security-In (BSI), Jet Propulsion Lab (JPL), MISRA C/C++, and NASA Power of 10
  • Support for the ODBC library automates the detection of resource leaks, null pointer dereference, unreachable code, etc.
  • Variable naming checker for C++ enforces coding style standards to improve code readability and reduce errors

“Embedded application development teams in the same organization often use different languages depending on the product they are working on, and in most industries must comply with specific safety and security standards,” said Vince Arneja, Chief Product Officer for GrammaTech. “CodeSonar now provides comprehensive language support as well as standards compliance tools in one unified platform that is both automated and transparent for end users. With integrations to CI/CD solutions like GitHub Actions, we make it easy for development teams to accelerate the adoption of DevSecOps.”

