Knowledge base
-
CodeSonar
CodeSonar, our award-winning SAST platform, includes deep support for C/C++, C# and Java. Multiple development tool integrations for DevSecOps implementations enhance team collaboration.
-
CodeSentry
When you do not have access to source code, our Binary SCA solution can determine N-day vulnerabilities from the embedded open source, 0-day vulnerabilities, licensing information, as well as create a SBOM.
Promoted articles
-
The speed of our support team's response time depends on the priority level you select when you submit your ticket. Your ticket priority level can be changed by CodeSecure support to be higher or lower based on how an issue impacts your business.
Note: In cases where support is purchased through a CodeSecure-authorized reseller, the reseller will provide technical support to the customer as defined in their own separate agreement.
Note: If you have purchased Premium Support then the response times will differ from Standard Support.
Response Times

| Impact | Standard Response Times | Premium Response Times | Follow-up |
| --- | --- | --- | --- |
| P1 (Urgent) | 1 day | 2 hours | Ongoing assistance until resolution |
| P2 (High) | 1 day | 2 hours | Ongoing assistance until resolution |
| P3 (Normal) | 2 days | 1 day | If, in CodeSecure’s sole determination, a workaround or other developer solution is appropriate and feasible utilizing reasonable efforts |
| P4 (Low) | 3 days | 2 days | No follow-up defined |

Business Hours
Standard support services via electronic mail or via the support portal are between the hours of 9:00 AM and 6:00 PM, U.S. Eastern time, Monday through Friday excluding US public holidays.
Issue Priority
Incident priority for a defect is determined using the guidelines below. When logging a ticket via the support portal the priority is classified as defined in brackets below.

| Priority | Definition |
| --- | --- |
| P1 (Urgent) | Any issue that causes the Software to be nonfunctional |
| P2 (High) | Any issue that causes a significant or ongoing interruption of use of critical functions with no acceptable work-around available, as determined jointly by CodeSecure and the Customer |
| P3 (Normal) | Any issue that causes limited interruptions of use of a non-critical function, as determined jointly by CodeSecure and the Customer |
| P4 (Low) | Any issue that does not significantly impede work or progress, a general question or issue |

You can set the priority of a ticket when submitting it via the support portal, which requires you to log in with a registered account. However, CodeSecure reserves the right to reclassify the priority level at any time if we reasonably believe the classification is incorrect. Reclassifications are almost exclusively used where a ticket is submitted as Urgent but is, usually, a non-production setup issue or a how-to question.
CodeSecure support may also increase the priority level if the situation is deemed to be more urgent than originally reported. If you do not choose a priority level when you create a ticket, it will default to standard (normal).
-
Overview
CodeSecure offers two main support offerings focused on assisting customers in improving their software quality, security and safety. Different customers have different needs in their software development lifecycle, and the two support offerings aim to provide flexibility. Standard support is aimed at software development teams for which static analysis is important but not critical, while premium support is aimed at teams in which static analysis is a key part of the release cycle and hence dedicated Service Level Agreements (SLAs) are key to supporting the business.
A PDF data sheet of all offerings can be found here.
Standard Support
- Professional support Monday-Friday, 9am to 6pm ET (Eastern US Timezone)
- Targeted response from Developer Support Engineers via Phone, Email, or Web
- Self-Help providing instant access to solutions via the Support Portal
- New product releases, defect fixes, and workarounds
Premium Support
Includes everything in Standard Support, plus:
- Comprehensive support 24 hours a day, 7 days a week for high impact issues
- Faster Initial Response with dedicated phone line
- Dedicated Support Engineer
- Assistance with Custom Configurations
- Priority Ticket Handling

| Support Feature | Standard | Premium |
| --- | --- | --- |
| Support Hours (all business hours) | 9am - 6pm EDT | 7x24 |
| Targeted Response – email, web & phone | ✔ | ✔ |
| Self Help Tools via Customer Support Portal | ✔ | ✔ |
| New Product Releases, Patches & Workarounds | ✔ | ✔ |
| Comprehensive 24/7 Support | ✖ | ✔ |
| Faster Initial Response with dedicated phone line | ✖ | ✔ |
| Dedicated Support Engineer | ✖ | ✔ |
| Assistance with Custom Configurations | ✖ | ✔ |
| Priority Ticket Handling | ✖ | ✔ |

Premium Details
Dedicated Support Engineer
Premium tickets are handled by specialist engineers who have built up knowledge of, and familiarity with, customer environments and can resolve them expeditiously. Engineers will ensure pending actions are acted on in a timely manner and inspected regularly with an eye toward timely resolution, and will hold QBRs to discuss overall product usage and ticket submission.
Assistance with Custom Configurations
Will provide technical guidance and oversight for specific configurations involving custom checkers, custom compiler models, third-party integration that all contribute to work effort in upgrading product versions. Testing and enhancing custom workflows will be assessed to ensure performance impact is kept to a minimum. Best practices for all custom models will be discussed to ensure there is momentum towards moving to non-custom models, allowing for easier migration when upgrading.
Priority Ticket Handling
Tickets are handled by support engineers who work quickly to resolve issues that are related to product defects and where high impact situations arise that need escalating. Engineers will work closely with other teams to prioritize work and to find solutions. Where required workarounds/patches will be released ahead of schedule so timelines can be met.
Faster Initial Response
Tickets will receive a response ahead of the threshold set for standard support customers. The definitions for impact (severity) are listed below, and initial response times based on impact for premier customers will be reduced; see article for target times. A dedicated phone number ensures you receive quick support on urgent issues.
-
The following tables show the present supported versions for CodeSonar and CodeSentry. This article also provides clarification on how support is defined as well as what is included in different versions.
Product Version Policy Document
Can be downloaded here.
Version Changes: X.Y
- X: major release
  - Significant new functionality added (or integrations)
- Y: minor release
  - Enhanced and/or new functionality
- Z: patch release
  - Release that contains patches, bug fixes, and very minor enhancements
LifeCycle
- Active: current release and two versions thereafter
- Sunset: products that fall outside active which detail the following:
  - No enhancements, only Critical/Urgent defects fixed
  - Start EOL window, which lasts 12 months
- End of Life (EOL): No fixes will be made available; installers are available if required and there is no end-of-life support
CodeSonar

| Product/Version | Release Date | State | Notes |
| --- | --- | --- | --- |
| CodeSonar 8.2.0 | 08/21/2024 | Active | Integration to Gerrit code review, improved warning category filtering, and updates to C/C++. |
| CodeSonar 8.1.0 | 04/03/2024 | Active | New Language Support - Kotlin, Go, Rust, Python, Typescript and Javascript - see video for more info. |
| CodeSonar 8.0.0 | 11/20/2023 | Active | |
| CodeSonar 7.4.1 | 10/10/2023 | Sunset | Planned EOL 06/24/2025 |
| CodeSonar 7.3.1 | 4/6/2023 | Sunset | Planned EOL 04/03/2025 |
| CodeSonar 7.2.0 | 12/19/2022 | Sunset | Planned EOL 10/24/2024 |
| CodeSonar 7.1.1 | 9/12/2022 | EOL | EOL 08/21/2024 |
| CodeSonar 7.0.2 | 4/26/2022 | EOL | EOL 04/03/2024 |
| CodeSonar 6.2.2 | 12/20/2021 | EOL | EOL 11/21/2023 |
| CodeSonar 6.1.3 | 8/3/2021 | EOL | EOL 7/27/2023 |
| CodeSonar 6.0.3 | 4/5/2021 | EOL | EOL 4/20/2023 |
| CodeSonar 5.4.0 | 9/15/2020 | EOL | EOL 12/19/2022 |
| CodeSonar 5.3.0 | 6/15/2020 | EOL | EOL 9/8/2022 |
| CodeSonar 5.2.0 | 12/7/2019 | EOL | EOL 4/5/2022 |
| CodeSonar 5.1.1 | 8/27/2019 | EOL | EOL 9/15/2021 |
| CodeSonar 5.0.0 | 8/15/2018 | EOL | EOL 6/15/2021 |

CodeSentry

| Product/Version | Release Date | State | Notes |
| --- | --- | --- | --- |
| CodeSentry 6.1 | 8/23/2024 | Active | Features video |
| CodeSentry 6.0.2 | 5/24/2024 | EOL | Features video |
| CodeSentry 5.2 | 12/18/2023 | EOL | Features video |
| CodeSentry 5.1.1 | 10/13/2023 | EOL | Features video |
| CodeSentry 5.0 | 7/3/2023 | EOL | Features video |
| CodeSentry 4.2.3 | 3/20/2023 | EOL | Features video |
| CodeSentry 4.1.2 | 12/23/2022 | EOL | Upgrade required before 12/31/2022 |
| CodeSentry 4.0 | 9/13/2022 | EOL | |
| CodeSentry 3.1.1 | 7/15/2022 | EOL | |
| CodeSentry 3.0.6 | 2/28/2022 | EOL | |
| CodeSentry 2.1.2 | 8/31/2021 | EOL | |
| CodeSentry 2.0 | 7/2/2021 | EOL | General Availability from v2.0 onwards |

Standalone CodeSonar for Java and C#

| Product/Version | Release Date | State | Notes |
| --- | --- | --- | --- |
| Standalone CodeSonar 3.2 | 8/20/2020 | EOL | Customers are advised to upgrade to a supported version of CodeSonar |
| Julia 3.0 | 12/31/2019 | EOL | Customers are advised to upgrade to a supported version of CodeSonar |

-
This video demonstrates what CodeSecure can do to protect your code and help build out strength and depth against threats connected to code used in applications across many different types of industries.
-
Overview
This article provides information on the support given to host platforms, languages and compilers. The information listed below can be found in the manual by searching for the keyword 'System Requirements', which will lead to the other linked topics.
Platform Support

| OS | Version | Notes |
| --- | --- | --- |
| Windows | Desktop: 10, 11; Server: 2016, 2019, 2022 | |
| Linux | All flavors | glibc 2.11.3 or later (x86 and x86-64 only) |
| NetBSD | 8.1 | x86-64 only; 64-bit build tools only |
| FreeBSD | 10, 12 | x86-64 only; 64-bit build tools only |

On Linux, if your source tree includes non-ASCII file or directory names, then:
- The locales package must be installed.
- The locale environment corresponding to those file and directory names must be defined.
See the documentation for your Linux distribution if you need information on how to define a locale environment: the mechanism is distribution-dependent. For example, Ubuntu and Debian provide command locale-gen; CentOS and Fedora provide localedef.

It is important to note the following when running CodeSonar for Java/C# analysis:
- CodeSonar Java analysis is available on 64-bit Windows and Linux only.
- CodeSonar C# analysis is available on 64-bit Windows only, and requires .NET Framework 4.7.2 or later.
Language Support

| Language/Tiers | Features | Standards | Notes |
| --- | --- | --- | --- |
| Tier 1 | | | |
| C | C89/C90; C99; C11; C17/C18 | ANSI X.3.159-1989 / ISO/IEC 9899:1990; ISO/IEC 9899:1999; ISO/IEC 9899:2011; ISO/IEC 9899:2018 | All features supported. CodeSonar parses and generates internal representation for all features from these standards |
| C | C23 | n/a | Many features supported, see manual for more information. |
| C++ | C++98 | ISO/IEC 14882:1998 | All Features supported |
| C++ | C++11 (C++0x) | ISO/IEC 14882:2011 | All Features supported |
| C++ | C++14 (C++1y) | ISO/IEC 14882:2014 | All Features supported |
| C++ | C++17 (C++1z) | ISO/IEC 14882:2017 | All Features supported |
| C++ | C++20 | ISO/IEC 14882:2020 | Most Features supported |
| C++ | C++23 | n/a | Some Features supported |
| C++ | C++26 | n/a | No features supported |
| Tier 2 | | | |
| Java | 1.1-19; Android API 15-28 | | CodeSonar ships with its own JVM, so the analysis of Java projects is not dependent on your local Java version(s). |
| C# | .NET Framework 1.0, 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 | | CodeSonar supports C# up to version 10.0 |
| C# | .NET Core 1.0, 1.1, 2.0, 2.1, 2.2, 3.0, 3.1 | | CodeSonar supports C# up to version 10.0 |
| C# | .NET 5.0, 6.0, 7.0, 8.0 | | CodeSonar supports C# up to version 10.0 |
| Tier 3: all other languages | | | |
| Go, JavaScript and TypeScript, Kotlin, Python, Rust | | | |

Analysis for tier 3 source languages is provided through integration with third-party analyzers.
We provide general instructions for integrating SARIF results from any analyzer with your CodeSonar project. We also provide tool-specific instructions for a select number of third-party analyzers. Some of these are shipped with CodeSonar and some are not.
Shipped with CodeSonar.
Note that if you are already using one of these tools in your organization, we recommend using your own installed version rather than the one shipped with CodeSonar.
- Kotlin
Not shipped with CodeSonar. See the following section for more information.
- Clang Static Analyzer
- ESLint, typescript-eslint, SARIF formatter for ESLint
- Pylint
- Rust Clippy; Rust Clippy-Sarif
- Staticcheck
Third-Party Tools Not Shipped with CodeSonar
CodeSonar provides a number of integrations with external third-party software: software that is neither part of CodeSonar nor shipped with CodeSonar.
- In order to use these integrations, the relevant software must be available on your local system. If it is not already available, you will need to install and configure the software.
- These software packages are supported by their respective manufacturers.
See the manual for more information.
Compiler Support
CodeSonar comes with a number of pre-installed compiler and compiler driver models and is expected to be compatible with widely-used versions of these compilers. Other compilers not on this list can be accommodated either through the generic compiler, or with the custom compiler accompanied with some scripting.
It is important to note that an object-code compiler is represented in CodeSonar by a compiler model.

| Model | Description | Linux | FreeBSD | NetBSD | Windows |
| --- | --- | --- | --- | --- | --- |
| armcc | ARM Real View Compiler Tools C/C++ compiler | ✔ | ✔ | ✔ | ✔ |
| armclang | ARM Clang compiler | ✔ | ✔ | ✔ | ✔ |
| borland | Borland C++ for Win32, Embarcadero C++ for Win32 | ✖ | ✖ | ✖ | ✔ |
| c++ppc | Wind River version of GNU C compiler | ✔ | ✔ | ✔ | ✔ |
| c251 | Keil C251 C Compiler | ✔ |
| c51 | Keil C51 C compiler | ✖ | ✖ | ✖ | ✔ |
| cc | Generic C compiler | ✔ | ✔ | ✔ | ✔ |
| ccppc | Wind River version of GNU C compiler | ✔ | ✔ | ✔ | ✔ |
| ccrx | Renesas C/C++ compiler for RX family | ✖ | ✖ | ✖ | ✔ |
| ch38 | Renesas C/C++ compiler for H8S, H8/300 Series | ✔ | ✔ | ✔ | ✔ |
| chc12 | Freescale CodeWarrior for HC12 | ✔ | ✔ | ✔ | ✔ |
| cl | Microsoft C compiler | ✔ | ✖ | ✖ | ✔ |
| cl30 | Texas Instruments TMS320C3x/C4x Optimizing Compiler | ✔ | ✔ | ✔ | ✔ |
| cl6x | Texas Instruments TMS320C6000 Optimizing C/C++ Compiler | ✔ | ✔ | ✔ | ✔ |
| clang | Clang C compiler | ✔ | ✔ | ✔ | ✔ |
| clangpp | Clang C++ compiler | ✔ | ✔ | ✔ | ✔ |
| cosmic | Cosmic C compilers | ✔ | ✔ | ✔ | ✔ |
| cvavr | CodeVisionAVR C compiler | ✖ | ✖ | ✖ | ✔ |
| dcc | Wind River C and C++ compilers | ✔ | ✔ | ✔ | ✔ |
| ecomppc | Green Hills C Compiler | ✔ | ✔ | ✔ | ✔ |
| gcc | GNU Compiler Collection C Compiler | ✔ | ✔ | ✔ | ✔ |
| gpp | GNU Compiler Collection C++ Compiler | ✔ | ✔ | ✔ | ✔ |
| icc430 | IAR MSP430 compiler | ✔ | ✔ | ✔ | ✔ |
| icc78k | IAR Renesas 78k compiler | ✔ | ✔ | ✔ | ✔ |
| iccarm | IAR ARM compiler | ✔ | ✔ | ✔ | ✔ |
| iccavr | IAR AVR compiler | ✔ | ✔ | ✔ | ✔ |
| iccgeneric | IAR compilers not covered by specific models | ✔ | ✔ | ✔ | ✔ |
| iccm32c | IAR M32C compiler | ✔ | ✔ | ✔ | ✔ |
| iccrx | IAR Renesas RX compiler | ✔ | ✔ | ✔ | ✔ |
| iccstm8 | IAR STM8 compiler | ✔ | ✔ | ✔ | ✔ |
| iccv850 | IAR v850 compiler | ✔ | ✔ | ✔ | ✔ |
| iccm16c | IAR Renesas M16C/R8C compiler | ✔ | ✔ | ✔ | ✔ |
| mcc18 | MPLAB C18 C Compiler | ✔ | ✔ | ✔ | ✔ |
| mcc30 | MPLAB C30 C Compiler | ✔ | ✔ | ✔ | ✔ |
| mcpcom | Intel C/C++ compiler | ✔ | ✔ | ✔ | ✔ |
| mwccarm | Freescale CodeWarrior for Embedded ARM compiler | ✖ | ✖ | ✖ | ✔ |
| mwccmcf | Freescale CodeWarrior for ColdFire compiler | ✖ | ✖ | ✖ | ✔ |
| picc | Hi-Tech C compiler | ✔ | ✔ | ✔ | ✔ |
| qcc | QNX C/C++ compiler | ✔ | ✔ | ✔ | ✔ |
| shc | Renesas C/C++ compilers for the SuperH RISC engine family | ✔ | ✔ | ✔ | ✔ |
| shcpp | Renesas C/C++ compilers for the SuperH RISC engine family | ✔ | ✔ | ✔ | ✔ |
| tasking | The TASKING TriCore, PCP, and C166/ST10 compilers | ✔ | ✖ | ✖ | ✔ |
| visualdsp | The SHARC, TigerSHARC and Blackfin compilers that ship with VisualDSP++ | ✔ | ✔ | ✔ | ✔ |
| xcc | Customizable C compiler | ✔ | ✔ | ✔ | ✔ |

Supported without Compiler Models
(Windows Only) CodeSonar provides special handling for builds with CodeWarrior installations that use DLLs:

| Mode | Notes |
| --- | --- |
| DLLs | If your CodeWarrior installation uses DLLs, there will be a collection of compiler plugin .dll files in an installation subdirectory. Usually the subdirectory will be something like cw_install\bin\plugins\compiler\ where cw_install is the CodeWarrior installation directory. In this case, use the DLL Approach (Windows only) |
| compiler executables | If your CodeWarrior installation uses compiler executables, there will be one or more compiler .exe files in an installation subdirectory. Usually the subdirectory will be something like cw_install\bin where cw_install is the CodeWarrior installation directory. In this case, use the Standard Approach |

DLL Approach (Windows only)
If your CodeWarrior installation uses DLLs, you will need to install CodeSonar DLLs for CodeWarrior so that CodeSonar can capture full information about your software build.
Standard Approach
If your CodeWarrior installation uses compiler executables rather than DLLs, you don't need to install any additional components. Observed compiler invocations will be recognized and mapped to Compiler Support (Pre-installed Compiler/Driver Models) using exactly the same mechanisms as are used for other tools.
There are currently three pre-installed CodeWarrior compiler models:
- chc12: Freescale CodeWarrior for HC12 compiler model
- mwccarm: Freescale CodeWarrior for Embedded ARM compiler
- mwccmcf: Freescale CodeWarrior for ColdFire compiler model
Custom Compiler Models
CodeSonar ships with compiler models for many industry standard compilers. In cases where none of these models are suitable, a custom compiler model may be required.
Compiler models can be authored in C++ or Python and if you are a premium support customer you may leverage tailored support to help build out custom compiler models to fit your software project requirements.
Note: STk compiler models are no longer supported. If you have previously implemented a custom STk compiler model and need assistance converting it to C++ or Python, please submit a support ticket where advice may be given on potential next steps.
-
Overview
CodeSentry is built as a SaaS hosted solution but can be installed locally within your own domain if required. The on-premise installation uses Replicated and consequently the operating system and hardware requirements for CodeSentry are closely related to those for Replicated as described below.
This information is applicable to all versions of CodeSentry that are supported via our product matrix.
Platform Support
It is important to note that CodeSentry can only be installed on Linux systems.

| Linux Distribution | Version | Disk Usage |
| --- | --- | --- |
| Amazon Linux | 2 | * |
| Centos | 8.4, 8 Stream | * |
| Red Hat Enterprise Linux Server | 7.5-7.9, 8.1-8.9, 9.0-9.3 | /var - Kubernetes container storage |
| Ubuntu | 18.04, 20.04, 22.04 | /var |

Hardware
Hardware requirements are specific to the workload running in the cluster but the following guidelines are recommended to support bare cluster installations.
Primary:
- Memory - recommended: 132GB, minimum: 100GB
- CPU - Intel Xeon® Platinum 8175M processors with Advanced Vector Extension (AVX-512) instruction set (or better).
- Cores - recommended: 46 virtual cores, minimum: 38 virtual cores
- Disk - High-IOPS, low latency disks are required (SSD, non-NFS) - 4.5TB
Node:
- Memory - recommended: 96GB, minimum: 32GB
- CPU - recommended 16 virtual cores, minimum: 8 virtual cores
- Disk - 1.5TB
Performance
Typical performance, noted as number of targets scanned per hour, is calculated by scanning a variety of typical software packages. CodeSentry is capable of the following performance, depending upon hardware settings.

| Hardware settings | Performance |
| --- | --- |
| Minimum | up to 2500 targets per hour |
| Recommended | up to 4600 targets per hour |

Installer Files

| Bundle | Size |
| --- | --- |
| Airgap Bundle | 5.2GB |
| KOTS installer | 4.1GB |
| CodeSentry Postgres database | 85GB or 123GB - larger file will decompress more quickly |

Ports Used

| Scope | Port Numbers |
| --- | --- |
| On primary node for HTTP communication | 80 |
| On primary node for HTTPS communication | 443 |
| Admin UI | 8800 |
| Prometheus | 30900 |
| Grafana | 30902 |
| Alertmanager | 30903 |
| Kubernetes API TCP connection | 6443 (optional for worker nodes) |
| Weave | 6783 (optional for worker nodes) |
| Logs | 10250 (optional for worker nodes) |

Supported File Formats

| Analyzable File Type (mime type) | Typical File Extension | N-Day/SBOM | Zero-Day | N-Day Deep | Zero-Day Deep |
| --- | --- | --- | --- | --- | --- |
| Android Dex | .dex | ✔ | ✔ | ✔ | ✔ |
| Android ODex | .odex | ✔ | ✖ | ✖ | ✖ |
| Java Archive (application/zip) | .jar | ✔ | ✖ | ✖ | ✖ |
| Java Class File | .class | ✔ | ✖ | ✖ | ✖ |
| Javascript files | .js | ✔ | ✖ | ✖ | ✖ |
| Javascript packages | .npm | ✔ | ✖ | ✖ | ✖ |
| Linux executable (application/x-executable) | none | ✔ | ✔ | ✔ | ✔ |
| Linux executable (application/x-pie executable) | none | ✔ | ✔ | ✔ | ✔ |
| Linux kernel | none | ✔ | ✖ | ✖ | ✖ |
| Linux kernel module | none | ✔ | ✖ | ✖ | ✖ |
| Linux shared library (application/x-sharedlib) | .so | ✔ | ✔ | ✔ | ✔ |
| Linux Object File * (application/x-object) | .o | ✔ | ✖ | ✔ | ✔ |
| MacOS executable or library (application/x-mach-binary) | none | ✔ | ✖ | ✖ | ✔ |
| Python files | .py | ✔ | ✖ | ✖ | ✖ |
| Python packages | .whl, .python | ✔ | ✖ | ✖ | ✖ |
| Windows dynamic linked library (application/x-dosexec) | .dll | ✔ | ✔ | ✔ | ✔ |
| Windows object file | .obj | ✔ | ✖ | ✖ | ✔ |
| Windows executable (application/x-dosexec) | .exe | ✔ | ✔ | ✔ | ✔ |
| Firmware files | various | ✔ | ✖ | ✖ | ✖ |

* = Zero-day analysis of a .o file will complete with scan status of "Done" but no findings will be detected.

Operating System and Package Detection (Windows) supports analysis of Windows registry hive and Windows UWP/AppX package manifest files.
NOTE: The registry files that operating system analyzer supports are those named SOFTWARE that appear in a System32/config directory, and NTUSER.DAT

| Archive File Type | Required File Extension |
| --- | --- |
| AR | .a, .ar, .deb, .lib |
| arj | .arj |
| bzip2 | .bz2, .tbz, .tbz2 |
| Cab | .cab, .msu |
| Compound types | .msi, .msp |
| Cpio | .cpio |
| cramfs | .cramfs |
| Docker container | .tar.gz |
| Ext2 | .ext2 |
| Ext3 | .ext3 |
| Ext4 | .ext4 |
| FAT | .fat |
| Gzip | .gz, .gzip, .tgz |
| Iso | .iso |
| lrzip | .lrz |
| lzip | .lz |
| lzma | .lzma |
| lzop | .lzo |
| MacOS Installer | .dmg (HFS/HFS+ only) |
| MBR | .mbr |
| Pax | .pax |
| QNX | .ima |
| Rar | .rar |
| Rpm | .rpm |
| rzip | .rz |
| Squash FS | .sqsh, .squashfs, .sfs, .sqf, .sqfs, .sqs, .squ |
| Tar | .tar, .ova |
| upx | .upx |
| VMDK | .vmdk |
| Windows Image Format | .wim, .swm |
| Xar | .xar, .pkg |
| Xz | .xz, .txz |
| ZIP | .zip, .ipa, .xpi, .vsix, .whl, .apk |
| 7z | .7z |

Supported Firmware Formats
The following formats are supported
- File Formats
  - SREC
  - bFLT
  - base64
  - Intel HEX
  - uBoot
  - wim
- File Systems
  - JFFS2 (.img and .jffs2)
  - romfs
  - yaffs2
  - ubifs
Other Information
The following additional information can be found in the CodeSentry datasheet:
- Software Bill of Materials (SBOM) Output
- Vulnerabilities and Checks Performed
- Security Attributes
-
In today’s connected economy, more and more systems are controlled by software-based systems. These systems provide functions ranging from basic to highly sophisticated, from applications such as basic servo actuation in a public water delivery system to crash avoidance systems in the latest generation of automobiles to robotic surgery systems.
Given these increased needs, demands, and their associated safety and security requirements, many industry vertical applications have created development best practices, guidelines, and certification processes. Today, several secure coding standards have been adopted by various industries, including the following: DO-178B/C (Aerospace), IEC 61508 and IEC 62443 (Industry / Energy), ISO 26262 (Automotive), and IEC 62304 (Medical).
Central to each of these secure coding standards is the security, risk, and safety of software. The risk is a function of frequency (or likelihood) of the hazardous event and the event consequence severity. The risk is reduced to a tolerable level by applying secure coding best practices, the elimination of defects/warnings that can increase likelihood, and safety functions which may consist of E/E/PES and/or other technologies.
Static analysis is a crucial capability in supporting all standards. Static analysis simplifies the enforcement of coding standards across teams, improving the overall compliance for a required certification standard and quality of the code. CodeSecure helps teams:
- Build the necessary skills and understanding of the certification process through training and coaching.
- Implement automated enforcement through the deployment of CodeSonar.
- Support the documentation requirements of code analysis, supporting standards that include
CodeSecure’s Software Certification solution helps your team meet the most rigorous safety and security requirements.
-
Overview
CodeSecure's adoption acceleration services are aimed at enhancing the customer experience via advanced on-boarding, training and consulting. This will enable customers to quickly see value from our static code or software composition analysis solutions. Our team of experts will help integrate with existing build processes and identify vulnerabilities enabling safe and reliable code to be delivered to your customers.
Through our training and mentoring channels we allow your team to quickly get up to speed and to effectively rollout our CodeSonar or CodeSentry offerings through instructor-led sessions. If you are looking for customization or optimization, let our experts help you integrate our products into your DevSecOps pipeline or take advantage of our rich APIs that can help you stay connected to other tooling within your software development lifecycle.
Advanced On-Boarding
Services delivered to integrate CodeSonar into your build or DevSecOps environment. The options available include configuration, optimization, warning review, and pipeline integration.
Services will be driven by a Customer Implementation Plan and will cover the following topics.
- Installation/Scans
- Configuration
- CI/CD integration
- Reporting
- Q/A sessions
Services delivered to enhance the functionality and feature sets of CodeSentry. The options available include configuration, optimization, findings review, and introduction to APIs.
Services will be driven by a Customer Implementation Plan and will cover the following topics.
- Installation/Scans
- Configuration
- API integration
- Reporting
- Q/A sessions
Training
Instructor-Led Training introducing key features of the product and can be tailored to specific topics if required. The training is split into two main areas.
- Integrator – people that are installing the software and are responsible for running the product on a day-by-day basis
- Developer – people who are writing code and responsible for delivering high quality source code
Instructor-Led Training introducing key features of the product and can be tailored to specific topics if required. The training will cover an introduction to the APIs which offer the ability to integrate with other tooling and build workflows.
Consulting
Engagements to enhance the overall customer experience and accelerate product adoption for CodeSonar. Some examples include:
- Integration with build infrastructure and pipeline
- Migration to hybrid SaaS
- Custom Reporting
- Custom Checkers – tailor-made warning classes
- Version Upgrades
Engagements to enhance the overall customer experience and accelerate product adoption for CodeSentry. Some examples include:
- Tailoring scans
- Automating workflows via APIs
- Migration from SaaS to on-premise
- SBOM generation
For any inquiries please email us at services@codesecure.com or for more information click here.
If you need to review our professional services agreement it can be found here.
-
Overview
This article details the videos available on our CodeSecure YouTube channel. Links are provided below, along with a brief summary of what each video entails.

| Video | Description |
| --- | --- |
| GitLab DUO, CodeSonar and VS Code | End to end security kill chain using GitLab DUO, CodeSonar and VS Code |
| CodeSonar and GitLab DUO to explore vulnerabilities | How to use the security features in GitLab Ultimate with GitLab DUO to explore security vulnerabilities. |
| Incremental build in GitLab pipelines | How to use CodeSonar incremental build with GitLab's cache feature to speed up pipeline builds. |
| GitHub, VSCode & Private Runners | How CodeSonar can be used by GitHub (normal, but also Enterprise versions), VS Code and private runners |
| CodeSonar Hub API Documentation Generator | SwaggerUI demo |
| Use AI to fix MISRA warnings | Feature walkthrough of GitHub Copilot |
| New Language Support (Kotlin, Go, Rust, Python, JS & TS) | New Language support available in CodeSonar 8.1 |
| CodeSonar Build Modes | Explore how incremental analysis can be used to speed up build times |
| Integrating CodeSonar with Bitbucket | Feature walkthrough of the integration |
| Dealing with Warnings | Working through warnings effectively |
| VSCode and GitHub Copilot | Feature walkthrough of the integration |
| VSCode & DevContainers | Demonstrate how to set up scalable dev-containers for a GitHub repository |
| MISRA Git Based Projects | How to use CodeSonar and GitLab together to make an existing code base MISRA compliant |
| GitLab Ultimate & VScode workflows | Integration with a scalable compute through Kubernetes to deliver easy and flexible workflows for developers |
| Memory Leaks & Info Window | How CodeSonar views the call tree of specific functions in OpenSSL, review warnings found and how to navigate through the code of all the branches |
| MISRA and CodeSonar Manual | MISRA coding rules within the CodeSonar manual and how they translate into warning checks |
| CodeSonar for Binaries Overview | How a binary analysis takes place |
| CodeSonar and VSCode | Feature walkthrough of the integration |
| Buffer Overview Example | Warning checker demonstration |
| Null Pointer Dereference | Warning checker demonstration |
| CodeSonar Eclipse using Hybrid SaaS | CodeSonar plugin for Eclipse IDE when working with Hybrid SaaS |
| Merge Requests in GitLab Ultimate | Review and triage CodeSonar warnings directly within GitLab ultimate merge request and security dashboard report pages |
| Self Hosted Runners in GitHub | Utilize OpenSSL and GitHub, with various actions taking place including a validation step with CodeSonar |
| MISRA v Bug Detection | CodeSonar and detecting code violations related to MISRA rule warnings as well as those bugs found in code using abstract execution |
| Jenkins, GitHub & VSCode | Feature walkthrough of the integration |

-
Overview
This article details the videos available on our CodeSecure YouTube channel. Links are provided below, along with a brief summary of what each video entails.

| Video | Description |
| --- | --- |
| Software Consumer user case | How CodeSentry can be used to investigate an unknown software package |
| Feature Overview - 6.1 | Feature walkthrough in our Aug 24 release |
| Feature Overview - 6.0 | Feature walkthrough in our Apr 24 release |
| Feature Overview - 5.2 | Feature walkthrough in our Dec 23 release |
| Feature Overview - 5.1 | Feature walkthrough in our Sep 23 release |
| Feature Overview - 5.0 | Feature walkthrough in our June 23 release |
| Feature Overview - 4.2 | Feature walkthrough in our Feb 23 release |
| Feature Overview - 3.0 | Feature walkthrough in our July 22 |
| Self-extracting Installers | Detect a self-extracting installer and how to analyze |
| Vulnerable Components | Finding vulnerable components in your applications |