# CodeSonar Reviews
**Vendor:** CodeSecure  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 4.3/5.0  
**Total Reviews:** 13
## About CodeSonar
As a leading provider of static application security testing (SAST) solutions, CodeSecure helps software developers solve challenging issues throughout the software development life cycle (SDLC) to protect mission-critical software and devices from failure and cyberattack. By enabling developers to shift security testing left, CodeSecure CodeSonar seamlessly integrates into CI/CD and DevSecOps tools to assist developers in designing, developing, and deploying trusted software applications – meeting standards, minimizing risk and accelerating projects to gain a competitive advantage. CodeSecure CodeSonar is a multi-language static application security testing (SAST) solution supporting C, C++, C# and Java. CodeSonar provides deep static analysis to quickly find and fix defects impacting code quality, safety and security. With seamless integrations into developer tools such as GitHub, GitLab, Jenkins, Visual Studio and others, CodeSonar is easily adopted into developer workflows to efficiently and continuously test code to create higher quality, safer and more secure software.  

## CodeSonar Reviews
### 1. Help developers identify and address software defects

**Rating:** 4.0/5.0 stars

**Reviewed by:** kanchan s. | Search Engine Optimization Specialist, Small-Business (50 or fewer emp.)

**Reviewed Date:** July 07, 2023

**What do you like best about CodeSonar?**

CodeSonar is a static analysis tool designed to help developers identify and address software defects and vulnerabilities. It analyzes source code to detect potential issues and provides insights to improve code quality. Here's a review of CodeSonar, including its pros and cons:

Pros:

Powerful bug detection: CodeSonar is known for its robust bug detection capabilities. It uses advanced static analysis techniques to identify a wide range of defects, including memory leaks, null pointer dereferences, buffer overflows, and concurrency issues. Its deep analysis helps developers uncover subtle bugs that may be challenging to detect through manual code review or testing.

Precise and accurate results: CodeSonar is praised for its accuracy in detecting bugs. It employs a combination of data flow analysis, control flow analysis, and symbolic execution to provide precise results. This reduces false positives and helps developers focus on genuine issues, saving time and effort during the debugging process.

Scalability: CodeSonar is designed to handle large and complex codebases. It can analyze projects with millions of lines of code efficiently, making it suitable for enterprise-level software development. Its scalability ensures that developers can apply static analysis to projects of varying sizes without sacrificing performance.

**What do you dislike about CodeSonar?**

Complexity and learning curve: CodeSonar is a powerful tool, but it can be complex to set up and configure, especially for developers who are new to static analysis. The learning curve can be steep, and users may require some time and training to fully understand and utilize its features effectively.

False negatives: While CodeSonar strives for accurate bug detection, there is still a possibility of false negatives—bugs that go undetected by the tool. Some types of bugs or code patterns may be more challenging for static analysis to identify, and developers should not rely solely on CodeSonar but also supplement it with other testing and code review practices.

Cost: CodeSonar is a commercial tool, and its licensing costs may be a deterrent for small or independent developers or organizations with limited budgets. The pricing structure may not be feasible for all development teams, particularly those working on open-source or non-commercial projects.

**What problems is CodeSonar solving and how is that benefiting you?**

Helping developers identify and address software defects and vulnerabilities.
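The defect classes this review lists (buffer overflows, null pointer dereferences, memory leaks) are easier to recognise in code than in prose. The following is a constructed C sample added to this page; it is neither the reviewer's code nor CodeSonar's, and the function names are illustrative. Each `*_unsafe` function carries one defect a SAST engine is expected to flag, and the `*_safe` form beside it is the hardened version that should analyse clean.

```c
/* Constructed sample added to this review page (not CodeSonar's or the
 * reviewer's code). Function names are illustrative. The *_unsafe
 * functions are deliberately defective and are never called; the *_safe
 * functions are the hardened forms a SAST tool should accept. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. Buffer overflow: unbounded strcpy() into a fixed stack buffer.
 *    A name of 16 or more bytes writes past the end of buf. */
void greet_unsafe(const char *name) {
    char buf[16];
    strcpy(buf, name);
    puts(buf);
}

/* Hardened: caller supplies the buffer and its size; the copy is refused
 * (not silently truncated) when it would not fit, and NULLs are rejected. */
int greet_safe(char *out, size_t outlen, const char *name) {
    if (out == NULL || name == NULL || outlen == 0) return -1;
    size_t n = strlen(name);
    if (n >= outlen) return -1;
    memcpy(out, name, n + 1);          /* n + 1 copies the terminator */
    return 0;
}

/* 2. Null pointer dereference: malloc() result written before it is
 *    checked, so an allocation failure becomes a crash. */
int *make_counter_unsafe(void) {
    int *p = malloc(sizeof *p);
    *p = 0;
    return p;
}

/* Hardened: allocation failure is propagated as NULL, not dereferenced. */
int *make_counter_safe(void) {
    int *p = malloc(sizeof *p);
    if (p == NULL) return NULL;
    *p = 0;
    return p;
}

/* 3. Memory leak: the scratch copy is never freed on any path. */
int sum_unsafe(const int *v, size_t n) {
    int *copy = malloc(n * sizeof *copy);
    if (copy == NULL) return -1;
    memcpy(copy, v, n * sizeof *copy);
    int total = 0;
    for (size_t i = 0; i < n; i++) total += copy[i];
    return total;                       /* copy leaks here */
}

/* Hardened: every exit path releases what it allocated, and the result is
 * returned through an out-parameter so -1 cannot be confused with a sum. */
int sum_safe(const int *v, size_t n, int *out) {
    if (out == NULL || (v == NULL && n > 0)) return -1;
    int *copy = malloc(n * sizeof *copy);
    if (n > 0 && copy == NULL) return -1;
    if (n > 0) memcpy(copy, v, n * sizeof *copy);
    int total = 0;
    for (size_t i = 0; i < n; i++) total += copy[i];
    free(copy);                         /* free(NULL) is a no-op when n == 0 */
    *out = total;
    return 0;
}

int main(void) {
    char buf[16];
    int vals[] = {1, 2, 3, 4};
    int total = 0;
    int *ctr = make_counter_safe();
    if (greet_safe(buf, sizeof buf, "reviewer") == 0) puts(buf);
    if (ctr != NULL) { printf("counter=%d\n", *ctr); free(ctr); }
    if (sum_safe(vals, 4, &total) == 0) printf("sum=%d\n", total);
    return 0;
}
```

Running a SAST tool over both halves is a quick sanity check of its configuration: the `*_unsafe` functions should each produce a warning of the corresponding class, and the `*_safe` functions should not.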

### 2. CodeSonar: Life saver

**Rating:** 4.0/5.0 stars

**Reviewed by:** Tushar J. | System Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** December 31, 2022

**What do you like best about CodeSonar?**

CodeSonar is the best tool on the market for static code analysis for C/C++ and other languages. It can be easily integrated with other tools like Jenkins. Its GUI is impressive. The accuracy of problems detected in code is quite high in CodeSonar.

**What do you dislike about CodeSonar?**

Sometimes it seems its performance gets slow, and the keyword that was searched doesn't produce useful results. Otherwise there's nothing much to dislike about CodeSonar.

**What problems is CodeSonar solving and how is that benefiting you?**

CodeSonar helps me to analyse the quality and enhance the performance of the code written. To make the code compliant with the guidelines provided by the client, CodeSonar helps to provide the right solution to the respective warnings.

### 3. Grammatech feedback from a field support engineer perspective

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** January 31, 2023

**What do you like best about CodeSonar?**

Having a deep analysis engine outputting the results in several formats for the most convenient interpretation; straightforward support and maintenance; improved log and database management from 6.2p2; a support and development organization that takes bugs and improvements seriously and fixes them as soon as possible in alignment with the CodeSonar development roadmap.

**What do you dislike about CodeSonar?**

Fanatical leadership, product owners and technical support that are interested in having long-term good terms with customers; actively listening back and taking input.

**What problems is CodeSonar solving and how is that benefiting you?**

Solving serious hidden programming errors that cost my client quite a budget; improving the code quality and educating developers to write better code that is secure.

### 4. Code analysis tool that does the job but from a not very ergonomic interface

**Rating:** 3.0/5.0 stars

**Reviewed by:** Martial P. | Software engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 09, 2022

**What do you like best about CodeSonar?**

Very simple to launch an analysis from the command line on the Linux software. Results are sent when the whole analysis is finished, which can contain several compilations or code analyses.

**What do you dislike about CodeSonar?**

The CodeSonar hub interface is not ergonomic and practical for dealing with errors. Bad integration in the CI/CD process like Jenkins. The configuration process is a little longer to set up (but the great documentation does deal with it, so a small negative point).

**What problems is CodeSonar solving and how is that benefiting you?**

Static and dynamic source code analysis with MISRA rules coverage.

### 5. CodeSonar review

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Aviation & Aerospace | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 14, 2022

**What do you like best about CodeSonar?**

Customer support has been excellent; someone is always there to respond to technical questions. The Help manual is also really good, and the response time for new licenses or training licenses etc. is very fast!

**What do you dislike about CodeSonar?**

There isn't anything I dislike; the team I work with takes a long time to decide on upgrades etc., so that is the most frustrating thing. Also, I wish I had more time to work with support on implementing the disaster recovery mechanism...

**Recommendations to others considering CodeSonar:**

N/A

**What problems is CodeSonar solving and how is that benefiting you?**

CodeSonar provides whatever static analysis is required for the flight software team to meet the compliance requirements for their projects. Also, when there are security issues from the DoD etc., then Grammatech is very quick to resolve those issues and provide updates/fixes.

### 6. A comprehensive and easy to use static code analysis tool.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 05, 2022

**What do you like best about CodeSonar?**

The flexibility of the static analysis profile that can be used to assess the code.

**What do you dislike about CodeSonar?**

The initial effort to hook up the CodeSonar hub and connect that to a node that was running CodeSonar in our build pipeline was a little complex.

**Recommendations to others considering CodeSonar:**

Look at the ease of integration into a Jenkins build pipeline.

**What problems is CodeSonar solving and how is that benefiting you?**

We have a regulatory requirement that our code base must have a static code analysis performed. CodeSonar is helping us to meet that objective.

### 7. Does the job quickly

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Electrical/Electronic Manufacturing | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 09, 2022

**What do you like best about CodeSonar?**

The way to check the result in the browser, with no need to search for the result; it's intuitive.

**What do you dislike about CodeSonar?**

The configuration, if there is no support.

**What problems is CodeSonar solving and how is that benefiting you?**

Finding some potential bugs or errors before the code grows. Avoids spending time.

### 8. Works well with Green Hills' compiler.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Hardware | Enterprise (> 1000 emp.)

**Reviewed Date:** July 27, 2022

**What do you like best about CodeSonar?**

All the features that are available to me.

**What do you dislike about CodeSonar?**

I do not like the UI. It could be made easier to use.

**What problems is CodeSonar solving and how is that benefiting you?**

Improving code quality and security through static analysis. It works on code built in Green Hills' MULTI, which is something that is not offered by one of your competitors (SonarQube).

### 9. Compared to other tools that we have evaluated, it looks very nice.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mika V. | Senior Manager, Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2022

**What do you like best about CodeSonar?**

The GUI is intuitive. I like the support.

**What do you dislike about CodeSonar?**

There are still some issues that it didn't detect.

**What problems is CodeSonar solving and how is that benefiting you?**

Finds issues which are difficult to find by peer review, and thus identifies issues earlier than in the released product.

### 10. Easy company to work with.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Government Relations | Enterprise (> 1000 emp.)

**Reviewed Date:** June 17, 2022

**What do you like best about CodeSonar?**

Quick response when putting in a ticket.

**What do you dislike about CodeSonar?**

I have not found anything I don't like yet.

**What problems is CodeSonar solving and how is that benefiting you?**

The software identifies potential flaws in code. Gives generic examples on how to fix the problem.

### 11. Helps in finding security vulnerabilities

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 05, 2021

**What do you like best about CodeSonar?**

CodeSonar is easy to use and offers a rich experience in finding security vulnerabilities in source code.

**What do you dislike about CodeSonar?**

Nothing to dislike about this product.

**What problems is CodeSonar solving and how is that benefiting you?**

Finding security vulnerabilities in our organisation's source code. This offers better security testing.

### 12. Decent Tool

**Rating:** 3.5/5.0 stars

**Reviewed by:** Rohit M. | Software Engineer Intern, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 03, 2019

**What do you like best about CodeSonar?**

Most of the IDEs provide this feature, but the best part about this is that we can define rules about test cases and check for those rules. Hence it increases the code quality.

**What do you dislike about CodeSonar?**

The UI could be easier. Right now I don't find good help documentation to start from scratch.

**What problems is CodeSonar solving and how is that benefiting you?**

I am keeping my code coverage at a minimum of 92 with extra rules for quality.

### 13. Very useful for finding vulnerabilities

**Rating:** 4.5/5.0 stars

**Reviewed by:** Desiree V. | Human Resources Management, Oil & Energy, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 01, 2019

**What do you like best about CodeSonar?**

I like how the source code analysis engine of this tool identifies many issues that we sometimes worry about finding during code debugging processes, such as null pointer dereferences or uninitialized variables, thus preventing system-wide crashes. Likewise, CodeSonar's binary analysis finds vulnerabilities and defects in machine code, allowing for security analysis even if the source code is not available.

**What do you dislike about CodeSonar?**

The scanning tool for the core architecture, I think, could be improved. I also think the price is a bit high.

**What problems is CodeSonar solving and how is that benefiting you?**

With this tool, errors and vulnerabilities can be found more easily and with great precision in systems where it is critical to avoid any type of error in the code.


## CodeSonar Discussions
  - [What is the easiest way to setup CodeSonar using Azure DevOps](https://www.g2.com/discussions/what-is-the-easiest-way-to-setup-codesonar-using-azure-devops) - 2 comments, 1 upvote
  - [Is CodeSonar open source?](https://www.g2.com/discussions/is-codesonar-open-source) - 1 comment
  - [How does CodeSonar work?](https://www.g2.com/discussions/how-does-codesonar-work) - 1 comment

- [View CodeSonar pricing details and edition comparison](https://www.g2.com/products/codesonar/reviews?section=pricing)

## CodeSonar Features
**Administration**
- API / Integrations
- Extensibility

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Security**
- False Positives
- Custom Compliance
- Agility

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top CodeSonar Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (138 reviews)
  - [Coverity](https://www.g2.com/products/coverity/reviews) - 4.2/5.0 (55 reviews)
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,278 reviews)

