CodeSonar Reviews & Product Details

CodeSonar is a static analysis tool designed to help developers identify and address software defects and vulnerabilities. It analyzes source code to detect potential issues and provides insights to improve code quality. Here's a review of CodeSonar, including its pros and cons:

Pros:

Powerful bug detection: CodeSonar is known for its robust bug detection capabilities. It uses advanced static analysis techniques to identify a wide range of defects, including memory leaks, null pointer dereferences, buffer overflows, and concurrency issues. Its deep analysis helps developers uncover subtle bugs that may be challenging to detect through manual code review or testing.

Precise and accurate results: CodeSonar is praised for its accuracy in detecting bugs. It employs a combination of data flow analysis, control flow analysis, and symbolic execution to provide precise results. This reduces false positives and helps developers focus on genuine issues, saving time and effort during the debugging process.

Scalability: CodeSonar is designed to handle large and complex codebases. It can analyze projects with millions of lines of code efficiently, making it suitable for enterprise-level software development. Its scalability ensures that developers can apply static analysis to projects of varying sizes without sacrificing performance. Review collected by and hosted on G2.com.

Complexity and learning curve: CodeSonar is a powerful tool, but it can be complex to set up and configure, especially for developers who are new to static analysis. The learning curve can be steep, and users may require some time and training to fully understand and utilize its features effectively.

False negatives: While CodeSonar strives for accurate bug detection, there is still a possibility of false negatives—bugs that go undetected by the tool. Some types of bugs or code patterns may be more challenging for static analysis to identify, and developers should not rely solely on CodeSonar but also supplement it with other testing and code review practices.

Cost: CodeSonar is a commercial tool, and its licensing costs may be a deterrent for small or independent developers or organizations with limited budgets. The pricing structure may not be feasible for all development teams, particularly those working on open-source or non-commercial projects. Review collected by and hosted on G2.com.

CodeSonar is the best tool in market for static code analysis for C/C++ and other languages. It can be easily integrate with other tools like Jenkins. It's GUI is impressive. The accuracy of problems detected in code is quite high in CodeSonar. Review collected by and hosted on G2.com.

Sometimes it seems it's performance speed gets low and the keyword which was searched doesn't produce useful results. Else there's nothing much to dislike CodeSonar. Review collected by and hosted on G2.com.

Having deep analysis engine outputting the results in several formats for most convenient interpretation; straight-forward support and maintenance; improved log and database management from 6.2p2; support and development organization that takes bugs and improvements seriously and fixes them as soon as possible in alignment with the CodeSonar development roadmap Review collected by and hosted on G2.com.

Fanatical leadership, product owners and technical support that are interested in having long-term good terms with customers; actively listening back and taking input. Review collected by and hosted on G2.com.

Very simple to launch an analysis from the command line on the Linux software. Results were sent when all analyzed is finished which can contains several compilations or code analysis. Review collected by and hosted on G2.com.

The CodeSonar hub interface is not ergonomic and practical for dealing with errors. Bad integration in the CI/CD process like Jenkins. The configuration process from the configuration is a little longer to set up (but great doc does deal with it so small negative point). Review collected by and hosted on G2.com.

Customer support has been excellent, some are always there to respond to technical questions. The Help manual is also really good, and the response time for new licenses or training licenses etc. is very fast! Review collected by and hosted on G2.com.

There isn't anything I dislike, the team I work with takes a long time to decide on upgrades etc. so that is the most frustrating thing. Also, I wish I had more time to work with support on implementing the disaster recovery mechanism... Review collected by and hosted on G2.com.

The flexibility of the static analysis profile that can be used to assess the code. Review collected by and hosted on G2.com.

The initial effort to hook up the Codesonar hub and connect that to a node that was running codesonar in our build pipeline was a little complex. Review collected by and hosted on G2.com.

The way to check the result in browser, and no need to search the result it's intuitive. Review collected by and hosted on G2.com.

The configuration if there is no support. Review collected by and hosted on G2.com.

All the features that are available to me. Review collected by and hosted on G2.com.

I do not like the UI. It could be made easier to use. Review collected by and hosted on G2.com.

The GUI is intuitive. I like the support Review collected by and hosted on G2.com.

There are still some issues what it didn't detct. Review collected by and hosted on G2.com.

Quick respones when putting in a ticket. Review collected by and hosted on G2.com.

I have not found anything I don't like yet. Review collected by and hosted on G2.com.