CodeSonar’s Integration with Microsoft Visual Studio

Microsoft Visual Studio continues, at 21 years old, to be a dominant integrated development environment (IDE) for developers...

Static Analysis Results: A Format and a Protocol: SARIF & SASP

Introduction

Static analysis tools are now very widely used in industry, academia, and open-source, so there is an...

Detecting the Beep Vulnerability with CodeSonar

The Linux beep utility is a small utility command to literally send a tone to the user’s speaker. A subtle error in the...

Using Dynamic Metrics with Static Analysis

GrammaTech CodeSonar is primarily a static analysis tool, but there are some circumstances where it is useful to present...

The Economics of Static Analysis Tool Usage

INTRODUCTION:

The most effective tool is one that reports a good number of true positives, without too many false...