Try our new research platform with insights from 80,000+ expert users
CodeSonar Logo

CodeSonar Reviews

Vendor: CodeSecure
4.1 out of 5
Leave a review

What is CodeSonar?

GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about CodeSonar, SonarQube, Snyk and more!
CodeSonar is the #10 ranked solution in top Static Code Analysis solutions and #27 ranked solution in application security solutions. PeerSpot users give CodeSonar an average rating of 8.2 out of 10. CodeSonar is most commonly compared to SonarQube: CodeSonar vs SonarQube. CodeSonar is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 26% of all views.
Buyer's Guide
Application Security Tools
February 2026
Get the category report
Helped 884,976 peers since 2012

Featured CodeSonar reviews

Read more reviews

CodeSonar mindshare

Product category:
Application Security Tools
As of March 2026, the mindshare of CodeSonar in the Application Security Tools category stands at 1.2%, down from 1.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
CodeSonar1.2%
SonarQube16.3%
Checkmarx One9.9%
Other72.6%
Application Security Tools
 
 
Key learnings from peers

Valuable Features

CodeSonar excels in detecting memory leaks and runtime errors with exceptional speed and analysis. Its standout features include user-friendly GUI, efficient dead code detection, categorized classes for future bug predictions, precise logging, stable deployment, and scalability. CodeSonar uniquely identifies security threats, ensuring robust code. Users appreciate the ease of code surfing, buffer overflow and underflow detection, and web interface, which significantly benefit development teams by maintaining code consistency and identifying potential vulnerabilities.
  • "The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code."
  • "The solution is very stable and we have used it for a long time with no issues."
  • "It has helped us a lot with some issues and has helped us avoid bad code."

Room for Improvement

CodeSonar needs improvements in core architecture analysis and support for more programming languages like AngularJS and Node.js. It lacks a sound static analysis, which limits its market presence. The coding rules can be challenging to apply selectively. Users find the initial setup challenging and expensive, with insufficient focus on security standards. Reporting issues with MISRA guidelines exist, being overly generic. The licensing model restricts user sharing, hindering broader usage in large companies.
  • "The MISRA guidelines were not appropriately reported and there were some flags or errors."
  • "It would be beneficial for the solution to include code standards and additional functionality for security."
  • "It was difficult for us to apply a rule, especially to a part of the code, and not apply it to the rest of the code."

Pricing

Enterprise users find CodeSonar's pricing costly, often exceeding $100,000 per year depending on the project's source code size and number of licenses. Evaluators appreciate the tool's reliability, which justifies the expense for organizations seeking proven analysis capabilities. However, some suggest considering automated licensing models. CodeSonar is compared to alternatives like Coverity, both regarded as expensive. Buyers rate the pricing a four out of ten, reflecting sentiment towards its high cost.
  • "The application’s pricing is high compared to other tools."
  • "Our organization purchased a license to use the solution."
  • "The solution's price depends on the number of licenses needed and the source code for the project."

Popular Use Cases

Companies primarily utilize CodeSonar for static code analysis on C and C++ codes to uncover critical defects, security threats, or vulnerabilities. It is integrated into CI/CD pipelines, such as Jenkins, for continuous evaluation with code changes. Usage includes code quality validation and defect tracking, often in domains like defense. Many provide it as a service, analyzing vulnerabilities, performing triage, and offering insights, with application engineers supporting users facing technical challenges.

Service and Support

CodeSonar customer service and support are highly rated, with users praising its technical support as very good and helpful. Support is known for quick responses and knowledgeable assistance, particularly when handling integration issues or third-party code complexities. They offer valuable recommendations and users often rate them four or five out of five. The support team, being developers of CodeSonar, provides concrete solutions, demonstrating expertise and effectiveness in addressing user needs.

Deployment

CodeSonar's initial setup is generally considered simple and straightforward, though some users note challenges, particularly during upgrades rather than fresh installations. Deployment can be completed in one day, with integration taking a few hours. Users have mentioned delays due to the licensing model during integration with GitHub, suggesting that a shared license option could facilitate easier deployment. Despite some difficulties, customers find the setup relatively easy and express satisfaction after demos.

Scalability

CodeSonar is scalable with a good reputation among users, including developers and engineers. Multiple teams successfully utilized it on various projects without issues. Organizations find the tool effective for their needs and hint at increasing usage. Scalability ratings are high, with up to twenty users reported. The tool is well-regarded, enabling efficient performance in different settings. Users view CodeSonar's scalability as commendable, supporting their development requirements effectively.

Stability

Stability of CodeSonar is consistently praised. Users frequently refer to it as stable, noting scalability with no crashes experienced. They've utilized it extensively with no problems, consistently rating it highly in terms of reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Application Security Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business5
Midsize Enterprise1
Large Enterprise1
By reviewers
By visitors reading reviews
Company SizeCount
Small Business106
Midsize Enterprise67
Large Enterprise308
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
26%
Computer Software Company
8%
University
7%
Financial Services Firm
7%
Aerospace/Defense Firm
6%
Retailer
5%
Comms Service Provider
5%
Government
5%
Healthcare Company
4%
Transportation Company
4%
Educational Organization
3%
Construction Company
2%
Real Estate/Law Firm
2%
Non Profit
2%
Performing Arts
2%
Media Company
2%
Consumer Goods Company
1%
Outsourcing Company
1%
Logistics Company
1%
Renewables & Environment Company
1%
Legal Firm
1%
Recreational Facilities/Services Company
1%
Hospitality Company
1%
Energy/Utilities Company
1%

Compare CodeSonar with alternative products

Go!

Learn more about CodeSonar

CodeSonar customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY

Related questions

  • 173
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 84
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 186
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 140
What are the Top 5 cybersecurity trends in 2022?
  • 71
Which application security solutions include both vulnerability scans and quality checks?
  • 89
We're evaluating Tripwire, what else should we consider?
  • 337
Is SonarQube the best tool for static analysis?
  • 75
Why Do I Need Application Security Software?
  • 109
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?
  • 183
What is the difference between "data protection in transit" vs "data protection at rest"?

Product Categories

Product Categories
Application Security Tools
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube vs CodeSonar Logo
SonarQube vs CodeSonar
Snyk vs CodeSonar Logo
Snyk vs CodeSonar
Checkmarx One vs CodeSonar Logo
Checkmarx One vs CodeSonar
Veracode vs CodeSonar Logo
Veracode vs CodeSonar
CrowdStrike Falcon Cloud Security vs CodeSonar Logo
CrowdStrike Falcon Cloud Security vs CodeSonar
Mend.io vs CodeSonar Logo
Mend.io vs CodeSonar
OpenText Core Application Security vs CodeSonar Logo
OpenText Core Application Security vs CodeSonar
GitGuardian Platform vs CodeSonar Logo
GitGuardian Platform vs CodeSonar
Qualys Web Application Scanning vs CodeSonar Logo
Qualys Web Application Scanning vs CodeSonar
Semgrep vs CodeSonar Logo
Semgrep vs CodeSonar
OpenText Static Application Security Testing vs CodeSonar Logo
OpenText Static Application Security Testing vs CodeSonar
Klocwork vs CodeSonar Logo
Klocwork vs CodeSonar
Polyspace Code Prover vs CodeSonar Logo
Polyspace Code Prover vs CodeSonar
Contrast Security Assess vs CodeSonar Logo
Contrast Security Assess vs CodeSonar
Sonatype Repository Firewall vs CodeSonar Logo
Sonatype Repository Firewall vs CodeSonar
See all alternatives
 
CodeSonar Reviews Summary
Author infoRatingReview Summary
Intigration Developer at ez-Wheel4.0I found CodeSonar stable and scalable, helping enforce MISRA rules and avoid bad code. However, it is expensive and initial setup, rule application, and upgrades can be difficult, and it lacks an IDE plugin for quick analysis.
Engineer at a manufacturing company with 11-50 employees5.0CodeSonar offers fantastic speed, stability, and support, and I find its GUI user-friendly. However, I believe it needs to become a sound static analysis tool to enhance its market competitiveness and adoption, despite its good runtime error detection.
Team Lead at a tech services company with 10,001+ employees4.0I found CodeSonar very helpful for DevOps, detecting buffer issues and future bugs. While stable, I believe its reporting needs improvement in differentiating C and C++ language standards and MISRA guidelines.
Senior Security Specialist at a computer software company with 51-200 employees4.5I use this stable, easily set up solution for static code analysis, effectively identifying defects and vulnerabilities for customers. While costly, it offers good code surfing and excellent support, fixing quality issues. I'd like more emphasis on security features and code standards.
Team Leader in software dept at a tech services company with 11-50 employees3.5We use CodeSonar for static analysis to identify security threats. Its most valuable feature is threat detection. We previously used open-source tools but switched to CodeSonar for better security and integration. A shared licensing model would benefit our large company.
Embedded Software Engineer at a manufacturing company with 201-500 employees3.5I value CodeSonar for optimizing code by catching dead parts, especially for our memory-limited microcontrollers. While stable and scalable, I wish it offered better coding rules to reduce reliance on other tools like MISRA C.
Senior Solutions Architect at a tech vendor with 1-10 employees4.5I rate CodeSonar 9/10. It's excellent for C/C++ memory leak detection, stable, and supported. I desire improved core architecture scanning, more languages (e.g., Node.js), and better pricing for this valuable tool.