For embedded system software development
Integrated Solutions
From project management to design and verification for international standards compliance!
Software bug and vulnerability detection solution
CodeSonar
A static analysis solution that detects potential runtime errors and security vulnerabilities in source code through Control Flow, Data Flow, and Semantic Analysis.
CodeSonar is a static analysis tool that enhances software reliability by detecting potential run-time errors that may occur during software execution.
Using advanced deep flow analysis, CodeSonar identifies critical defects such as buffer overruns, memory leaks, and data races that can lead to system failures or security incidents.
With CodeSonar, organizations can effectively meet the static analysis requirements mandated by international functional safety and cybersecurity standards, including ISO 26262, ISO/IEC 21434, IEC 61508, EN 50128, IEC 62304, DO-178, as well as defense software development guidelines and Hyundai Motor Company secure coding rules.
Key Features
1
Deep Flow Analysis
Performs abstract interpretation–based deep analysis to examine all possible execution paths of a program.
Analyzes external libraries and standard libraries included in the code to detect defects that may occur during actual runtime.
Comprehensive path-based static analysis
2
Support for Multiple Languages and Large-Scale Projects
Supported languages: C/C++, C#, Java, Kotlin, Python, Go, Rust, JavaScript, TypeScript
Supported environments: Yocto, AOSP, and other large-scale embedded and application platforms
3
Compliance with Industry and Safety Standards
Supports coding and security standards including MISRA, AUTOSAR, JSF++, CWE, and CERT.
Complies with international safety standards such as IEC 61508, ISO 26262, and EN 50128.
Provides required artifacts for DO-178 / DO-330 compliance.
4
Actionable Defect Remediation Insights
Helps prioritize reviews based on defect severity and remediation effort.
Provides insights into root causes and related code paths, enabling developers to quickly understand and resolve issues.
Key Capabilities
1
Accurate and In-Depth Analysis
Analyzes entire programs ranging from small embedded codebases to large-scale systems such as Android and Yocto.
Utilizes abstract interpretation, control flow, and data flow analysis to detect critical defects including static memory errors, resource management issues, and concurrency-related problems.
2
Fast and Efficient Code Review
Traces execution paths leading to defects, allowing reviewers to focus only on code relevant to the issue.
Provides instant visibility into definitions and usage history (read/write) of identifiers such as variables, functions, and macros via mouse-over inspection.
3
Collaboration-Centric Integrated Management
Supports seamless collaboration among stakeholders through a web-based centralized management platform.
Enables role-based project access control and assignment of defect ownership for clear responsibility management.
4
Customization
Provides custom rule sets and reports aligned with industry-specific requirements.
Allows exclusion of non-relevant files from analysis using flexible search and filtering options.
5
Plug-ins for Automated Static Analysis
Supports integration with various CI tools and GitLab SAST reports for automated static analysis pipelines.
Enables defect tracking through Jira plug-ins, allowing identified issues to be managed as tickets.
6
Software Structure Visualization
Visualizes function call paths in a tree structure, making caller–callee relationships easy to understand.
Allows users to see where selected functions execute within the overall program flow, enabling intuitive tracking of defect propagation paths.
Industries
Use Cases
1
Automotive
Supports detection of run-time errors required by OEM static verification standards and ensures compliance with secure coding guidelines.
2
Aerospace & Defense
Fully supports vulnerability assessments (CWE-658/659) and security weakness checks required by the Weapon Systems Software Development and Management Manual. Also provides 100% coverage of the Ministry of the Interior and Safety’s “Secure Software Development Guide.”
3
Semiconductor
Automatically detects syntax errors, coding standard violations, and security vulnerabilities in semiconductor equipment and SoC software to ensure high code quality.
4
Telecommunications
Detects security vulnerabilities in software for network switches, base station equipment, and firewalls to enhance overall software quality.
Key Clients
Automotive & Railways
Aerospace & Defense
Software & IT Services
Government & Public Sector
Retail & Consumer Goods
Healthcare
Energy
CodeSonar Contact
Contact Us Directly
An MDS Intelligence CodeSonar specialist will assist you accurately and promptly.
codesonar@mdsit.co.kr
Inquire About CodeSonar


































