Try our new research platform with insights from 80,000+ expert users
CodeSonar Logo

CodeSonar Reviews

Vendor: CodeSecure
4.1 out of 5
Start review

What is CodeSonar?

GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about CodeSonar, SonarQube Server (formerly SonarQube), Snyk and more!
CodeSonar is the #10 ranked solution in top Static Code Analysis solutions and #32 ranked solution in application security solutions. PeerSpot users give CodeSonar an average rating of 8.2 out of 10. CodeSonar is most commonly compared to SonarQube Server (formerly SonarQube): CodeSonar vs SonarQube Server (formerly SonarQube). CodeSonar is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 23% of all views.
Buyer's Guide
Application Security Tools
June 2025
Get the category report
Helped 859,129 peers since 2012

Featured CodeSonar reviews

Read more reviews

CodeSonar mindshare

Product category:
Application Security Tools
As of June 2025, the mindshare of CodeSonar in the Application Security Tools category stands at 1.5%, up from 1.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools
 
 
Key learnings from peers

Valuable Features

CodeSonar excels in detecting memory leaks and runtime errors with exceptional speed and analysis. Its standout features include user-friendly GUI, efficient dead code detection, categorized classes for future bug predictions, precise logging, stable deployment, and scalability. CodeSonar uniquely identifies security threats, ensuring robust code. Users appreciate the ease of code surfing, buffer overflow and underflow detection, and web interface, which significantly benefit development teams by maintaining code consistency and identifying potential vulnerabilities.
  • "CodeSonar’s most valuable feature is finding security threats."
  • "The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
  • "The most valuable feature of CodeSonar is the catching of dead code. It is helpful."

Room for Improvement

CodeSonar needs improvements in core architecture analysis and support for more programming languages like AngularJS and Node.js. It lacks a sound static analysis, which limits its market presence. The coding rules can be challenging to apply selectively. Users find the initial setup challenging and expensive, with insufficient focus on security standards. Reporting issues with MISRA guidelines exist, being overly generic. The licensing model restricts user sharing, hindering broader usage in large companies.
  • "There could be a shared licensing model for the users."
  • "In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
  • "CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."

Pricing

Enterprise users find CodeSonar's pricing costly, often exceeding $100,000 per year depending on the project's source code size and number of licenses. Evaluators appreciate the tool's reliability, which justifies the expense for organizations seeking proven analysis capabilities. However, some suggest considering automated licensing models. CodeSonar is compared to alternatives like Coverity, both regarded as expensive. Buyers rate the pricing a four out of ten, reflecting sentiment towards its high cost.
  • "The application’s pricing is high compared to other tools."
  • "Our organization purchased a license to use the solution."
  • "The solution's price depends on the number of licenses needed and the source code for the project."

Popular Use Cases

Companies primarily utilize CodeSonar for static code analysis on C and C++ codes to uncover critical defects, security threats, or vulnerabilities. It is integrated into CI/CD pipelines, such as Jenkins, for continuous evaluation with code changes. Usage includes code quality validation and defect tracking, often in domains like defense. Many provide it as a service, analyzing vulnerabilities, performing triage, and offering insights, with application engineers supporting users facing technical challenges.

Service and Support

CodeSonar customer service and support are highly rated, with users praising its technical support as very good and helpful. Support is known for quick responses and knowledgeable assistance, particularly when handling integration issues or third-party code complexities. They offer valuable recommendations and users often rate them four or five out of five. The support team, being developers of CodeSonar, provides concrete solutions, demonstrating expertise and effectiveness in addressing user needs.

Deployment

CodeSonar's initial setup is generally considered simple and straightforward, though some users note challenges, particularly during upgrades rather than fresh installations. Deployment can be completed in one day, with integration taking a few hours. Users have mentioned delays due to the licensing model during integration with GitHub, suggesting that a shared license option could facilitate easier deployment. Despite some difficulties, customers find the setup relatively easy and express satisfaction after demos.

Scalability

CodeSonar is scalable with a good reputation among users, including developers and engineers. Multiple teams successfully utilized it on various projects without issues. Organizations find the tool effective for their needs and hint at increasing usage. Scalability ratings are high, with up to twenty users reported. The tool is well-regarded, enabling efficient performance in different settings. Users view CodeSonar's scalability as commendable, supporting their development requirements effectively.

Stability

Stability of CodeSonar is consistently praised. Users frequently refer to it as stable, noting scalability with no crashes experienced. They've utilized it extensively with no problems, consistently rating it highly in terms of reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Application Security Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
23%
Computer Software Company
12%
University
10%
Financial Services Firm
6%
Government
5%
Aerospace/Defense Firm
4%
Comms Service Provider
4%
Healthcare Company
4%
Educational Organization
4%
Retailer
4%
Transportation Company
4%
Media Company
4%
Non Profit
2%
Real Estate/Law Firm
2%
Energy/Utilities Company
2%
Recreational Facilities/Services Company
1%
Insurance Company
1%
Performing Arts
1%
Consumer Goods Company
1%
Legal Firm
1%
Construction Company
1%
Renewables & Environment Company
1%
Logistics Company
1%

Compare CodeSonar with alternative products

Go!

Learn more about CodeSonar

CodeSonar customers

Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY

Related questions

  • 509
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 24
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 84
What are the Top 5 cybersecurity trends in 2022?
  • 103
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 29
We're evaluating Tripwire, what else should we consider?
  • 9
Which application security solutions include both vulnerability scans and quality checks?
  • 1,190
Is SonarQube the best tool for static analysis?
  • 13
Why Do I Need Application Security Software?
  • 63
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?
  • 33
SAST vs. DAST: Which is better for application security testing?

Product Categories

Product Categories
Application Security Tools
Static Code Analysis

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs CodeSonar Logo
SonarQube Server (formerly SonarQube) vs CodeSonar
Snyk vs CodeSonar Logo
Snyk vs CodeSonar
Checkmarx One vs CodeSonar Logo
Checkmarx One vs CodeSonar
Veracode vs CodeSonar Logo
Veracode vs CodeSonar
Mend.io vs CodeSonar Logo
Mend.io vs CodeSonar
OpenText Static Application Security Testing vs CodeSonar Logo
OpenText Static Application Security Testing vs CodeSonar
Qualys Web Application Scanning vs CodeSonar Logo
Qualys Web Application Scanning vs CodeSonar
Klocwork vs CodeSonar Logo
Klocwork vs CodeSonar
Semgrep vs CodeSonar Logo
Semgrep vs CodeSonar
Polyspace Code Prover vs CodeSonar Logo
Polyspace Code Prover vs CodeSonar
Digital.ai Application Security vs CodeSonar Logo
Digital.ai Application Security vs CodeSonar
Axivion Static Code Analysis vs CodeSonar Logo
Axivion Static Code Analysis vs CodeSonar
See all alternatives
 

CodeSonar reviews

Sort by:
Mathieu ALBRESPY - PeerSpot user
Intigration Developer at ez-Wheel
Verified user of CodeSonar
Nov 12, 2022
Nice interface, quick to deploy, and easy to expand

Pros

"It has been able to scale. "

Cons

"It was expensive."

What is our primary use case?

After each build, we ask CodeSonar to analyze the code, and we're checking to see if we are increasing or decreasing the number of issues on the code.

What is most valuable?

We were using MISRA rules to code, and due to the fact that we were using all these rules, it helped us at least to have a code that was the same between all the developers we had on the team. This is not a feature added by CodeSonar since other code-analysis tools could add it. However, from what I heard about all the other tools, the web interface is quite nice on CodeSonar. 

The solution is stable.

It is quick to deploy.

It has been able to scale. 

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (879 words)
RR
Engineer at a manufacturing company with 11-50 employees
Verified user of CodeSonar
Jul 26, 2022
Good error detection, speedy, shows precise logs and results, and has a user-friendly GUI

Pros

"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."

Cons

"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."

What is our primary use case?

A few of our customers are in the defense industry in India and they're using CodeSonar. In the company, we are from the support team, and in particular, we are application engineers, so if customers are facing technical issues with CodeSonar, we go to their labs and guide them on how to use the product, etc.

What is most valuable?

What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else.

I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Read full review (705 words)
Buyer's Guide
Download free report
Find out what your peers are saying about Application Security Tools. Updated June 2025
859,129 professionals have used our research since 2012.
Manjunath Nada - PeerSpot user
Team Lead at a tech services company with 10,001+ employees
Verified user of CodeSonar
Dec 1, 2022
Useful buffering and beneficial categorized classes

Pros

"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful. "

Cons

"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."

What is our primary use case?

CodeSonar was integrated into Jenkins.

We used CodeSonar for our DevOps when every code change was sent to our repository. There was a check enabled that was used to run CodeSonar for the submitted code.

How has it helped my organization?

The solution has helped out the organization because of the buffer usage. There was a vehicle identification number that we had to configure and since it was a string, it was common to use the buffer overflow. While that was happening, it did not get a valid VIN number for the vehicle. For this example, the solution was very helpful.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (498 words)
PeerSpot user
Senior Security Specialist at a computer software company with 51-200 employees
Verified user of CodeSonar
Nov 13, 2022
Effectively identifies issues, defects, and vulnerabilities to ensure robust code

Pros

"There is nice functionality for code surfing and browsing. "

Cons

"It would be beneficial for the solution to include code standards and additional functionality for security."

What is our primary use case?

Our company uses the solution to perform static code analysis for our customers. 

We provide the solution as a service where we run the tool, identify any vulnerabilities, check triage, and output results. 

Our team includes ten developers who focus solely on security reviews. 

What is most valuable?

The solution effectively ensures that code is robust by identifying issues, defects, and potential vulnerabilities that may turn into security problems. 

There is nice functionality for code surfing and browsing. 

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (394 words)
Ben Mbarek - PeerSpot user
Embedded Software Engineer at a manufacturing company with 201-500 employees
Verified user of CodeSonar
Nov 21, 2022
Straightforward setup, useful dead code catching, but better coding rules needed

Pros

"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."

Cons

"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."

What is our primary use case?

I use CodeSonar for code framework quality validation.

How has it helped my organization?

CodeSonar has helped our organization because it detects dead and nonusable parts of code to create a more optimized code. In our microcontroller our memory flash is limited and this optimized code is very important.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (251 words)
PeerSpot user
Senior Solutions Architect at a tech vendor with 1-10 employees
Verified user of CodeSonar
Jun 16, 2019
Product version discussed: 5.1
Catches critical code defects at the source code level

Pros

"The tool is very good for detecting memory leaks."

Cons

"The scanning tool for core architecture could be improved. "

What is our primary use case?

We use this for catching some of the critical defects at the source code level for C and C++ code.

What is most valuable?

The tool is very good for detecting memory leaks.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Read full review (361 words)
PeerSpot user
Team Leader in software dept at a tech services company with 11-50 employees
Verified user of CodeSonar
Jul 30, 2023
Provides good integration capabilities, but the licensing model needs improvement

Pros

"CodeSonar’s most valuable feature is finding security threats. "

Cons

"There could be a shared licensing model for the users."

What is our primary use case?

We use CodeSonar for static analysis and finding security threats or vulnerabilities.

What is most valuable?

CodeSonar’s most valuable feature is finding security threats. It is a significant benefit for us.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (303 words)