GrammaTech announced a new version of its CodeSonar static application security testing (SAST) solution that can be deployed in both on-premises and hybrid cloud models to seamlessly integrate into existing DevSecOps pipelines and facilitate remote team collaboration.
GrammaTech CodeSonar 7.0 also includes enhanced support for development tools from Microsoft, Jenkins and GitLab, and additional secure coding standards that enable organizations to further automate code testing and shift security left.
According to Gartner, Inc., “DevSecOps offers a means of effectively integrating security into the development process, eliminating or reducing friction between security and development, and pragmatically achieving a secure, workable software development life cycle (SDLC). The goal is to enable development to move faster without compromising on security and compliance.”
Seamless SAST integration for AppDev pipelines
To provide greater deployment flexibility and efficiency for detecting and fixing errors in code, the CodeSonar Hub can now be hosted in a single-tenant AWS cloud instance to share CodeSonar capabilities and results across geographically distributed teams. This hybrid SaaS deployment model combines on-premises build environments with the CodeSonar Hub hosted on AWS, simplifying administrative tasks such as provisioning new users and instantly scaling up cloud resources to meet changes in code testing demand.
To further integrate SAST into existing environments and CI/CD pipelines, CodeSonar adds more support for key enterprise IT and development tools to accelerate DevSecOps adoption, including:
- Simplifying CodeSonar user and role management with LDAP, Microsoft Active Directory and single sign-on (SSO) services
- Delivering CodeSonar warnings directly in Visual Studio 2022 to more efficiently find and fix issues while coding
- Supporting concurrent builds in Jenkins to make results reporting easier and enable more SAST capabilities in the platform’s workflow
These integrations expand existing support for GitHub, GitLab, Eclipse, Jira and others.
“Application security testing can no longer be a standalone function that occurs outside of development pipelines due to the cost and product delays of testing code after a build is complete,” said Vince Arneja, Chief Product Officer for GrammaTech. “CodeSonar provides advanced code testing and analysis capabilities that can be seamlessly integrated into any development environment including on-premises, hybrid cloud and remote team scenarios – allowing developers to find code defects earlier, efficiently fix them and accelerate the delivery of quality, safe and secure products.”
Automating safety and security
Supporting coding standards is essential for ensuring developers are continually meeting critical safety, security and industry-specific standards as code moves through the SDLC. To help developers meet these standards, CodeSonar adds new rules mapping warning classes to CERT-C and CERT-C++ guidelines, which reduces certification costs and increases software quality, safety and security. CodeSonar already supports MISRA/AUTOSAR, ISO 26262/IEC 61508, ISO/SAE 21434, IEC 62443, DO-178B/C and CENELEC EN 50128.
Meanwhile, CodeSonar OWASP, CWE, CERT, and DISA STIG reports accelerate certification efforts by identifying quality and security issues at the earliest stages of the development cycle, so they can be remediated as developers code.
With greater emphasis being placed on open source risk management, many organizations are starting to require a Software Bill of Materials (SBOM) from vendors before accepting a new software package into their development environment. GrammaTech now provides a CycloneDX SBOM for CodeSonar that delivers complete visibility into the third-party and open source components it contains, so customers can confidently and safely deploy GrammaTech’s SAST solution in their environments while meeting the SBOM requirements of the recent Presidential Cybersecurity Executive Order.
GrammaTech CodeSonar 7.0 is available immediately from GrammaTech and its business partners worldwide.