Share your experience using CodeSonar

We use CodeSonar for static analysis and finding security threats or vulnerabilities.

CodeSonar’s most valuable feature is finding security threats. It is a significant benefit for us.

Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will be very beneficial for a large company site.

We have been using CodeSonar for two years.

I rate the application’s stability a nine out of ten.

My team consists of two to three developers who use CodeSonar. I rate its scalability an eight out of ten.

We have used a few open-source static analysis tools. We switched to CodeSonar for security, flexibility, and integration capabilities with multiple solutions.

The application is easy to deploy. Although, we have to wait in a queue while integrating it with GitHub because of the licensing model. There could be an option to share licenses for easier deployment. It takes a couple of hours to complete.

The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.

I recommend CodeSonar to others and rate it a seven out of ten.

CodeSonar was integrated into Jenkins.

We used CodeSonar for our DevOps when every code change was sent to our repository. There was a check enabled that was used to run CodeSonar for the submitted code.

The solution has helped out the organization because of the buffer usage. There was a vehicle identification number that we had to configure and since it was a string, it was common to use the buffer overflow. While that was happening, it did not get a valid VIN number for the vehicle. For this example, the solution was very helpful.

The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful.

It was comfortable logging into the solution and seeing all the warnings that are there in case we wanted to suppress them.

I am from the embedded domain, in which typically, our code works on the hardware. We follow a standard called MISRA guidelines. The MISRA guidelines were not appropriately reported. There were some flags or errors. I was working on C++ code and there were certain class categories, which were C standards, and were being reported in C++, where C++ is a higher-level language, some of those may not even be applicable in the latest C++ version that we had. The reporting could improve to make the solution better.

In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category.

I have been using CodeSonar for approximately three years.

CodeSonar is stable.

The scalability of CodeSonar is good. Our organization might increase the usage of the solution.

I rate the support from CodeSonar a four out of five.

Positive

We used one other solution other prior to CodeSonar.

We have received a return on investment using CodeSonar.

Our organization purchased a license to use the solution.

We have not needed more than two people for the maintenance of the solution.

My advice to others is this is a needed tool if you are deploying something on a larger scale.

I rate CodeSonar an eight out of ten.