GrammaTech's advanced static analysis tools are used by software developers worldwide. Categories include avionics, government, medical, military, and industrial control. These tools are used for applications where safety, reliability and security are paramount.

GrammaTech is a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With static analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit

“Arm and GrammaTech collaborate to make it easier for customers to achieve functional safety certification in shorter time windows. Where Arm focuses on the hardware and the FUSA software components, GrammaTech CodeSonar is a static analysis solution that helps customers develop their application to be certification ready on top of the Arm platforms.”

Mark Hermeling, Senior Director Product Marketing


CodeSonar® empowers teams to quickly analyze and validate their code, either source or binary. This analysis helps to identify serious vulnerabilities or bugs that cause system failures, poor reliability, cyber security breaches, or unsafe conditions. CodeSonar finds more significant defects than other tools through its innovations in concurrency analysis, tainted data flow analysis, and comprehensive checkers.

Employ sophisticated algorithms

CodeSonar performs a unified data flow and symbolic execution analysis that examines the computation of the entire program. The approach does not rely on pattern matching or similar approximations. CodeSonar’s deeper analysis naturally finds defects with new or unusual patterns.

Comply with coding standards

CodeSonar supports compliance with standards like MISRA C:2012, MISRA C++:2008, ISO-26262, IEC-61508, DO-178B, US-CERT’s Build Security In, and MITRE’s CWE.

Analyze millions of lines of code

CodeSonar can perform a whole program analysis on 10M+ lines of code. Once an initial baseline analysis has been performed, CodeSonar’s incremental analysis capability makes it fast to analyze daily changes to your codebase. The analysis can run in parallel to take best advantage of multi-core environments.

Analyze third-party code

CodeSonar’s Integrated Binary Analysis finds security vulnerabilities from libraries or other third-party code without access to source code.

Collaborate with teams

Automation features enable large teams to work together in a coordinated way. For example, it is easy to manage warnings across different project versions or development branches. A Python API supports customization & integration with other tools.

View quality trends

Graphs display data to help you manage development and testing efforts.

Software architecture visualization

Visualizing your code makes it easy to uncover and understand relationships between different elements in the code. Visual Taint Analysis allows you to quickly spot the source of potentially dangerous information flows.

Reduce the cost of development

Identifying and eliminating defects throughout the development cycle helps you ship on-time without business risks and liabilities.