CodeSonar helps you find critical coding defects at compile time with a low false positive rate.

You can try CodeSonar for Source Code for free on your code.

Fill in your details and we'll get you your free evaluation of CodeSonar to try on your code.


CodeSonar for source code is designed to detect, at compile time, defects that are famously tough to find, such as data races, deadlocks, buffer overruns, leaks, null-pointer dereferences, uses of uninitialised variables, and other security vulnerabilities. Because it’s used as part of your development cycle, without you having to modify your code, you can dig out and fix these bugs while you work, reducing test cycles and remedial development time.


You can quickly and easily deploy CodeSonar as part of your build process, creating an abstract model of your code which is then analysed to find potential defects. Because CodeSonar has a flexible and open architecture, you can easily import and export data and add your own custom metrics and checks.


One of the main reasons we love CodeSonar is that you can perform a whole-program analysis of millions of lines of C, C++ and Java source code, which gives you:

  • Ultra-quick daily inspection – using incremental analysis to review daily changes to the code
  • Analysis of the entire program – going beyond mere pattern matching or approximations to examine the computation of the entire program
  • Sophisticated analysis – this approach naturally uncovers defects with new or unusual patterns.

“We are very pleased with our choice to work with SCL and CodeSonar. CodeSonar has allowed us to significantly reduce bug-related problems and improve the overall quality of our devices. Our customers are very happy with the improvements and other areas of our own business are keen to start using it as well.”

Deputy General Manager at Actia Italia


The Blog

Using static analysis to protect against SQL Injection attacks

Adobe, eBay, Microsoft UK, Racing Post, Sony PSN and TalkTalk … what have these companies got in common? Answer: each of them has, as a result of being hacked, suffered brand damage and loss of customer trust.


Takes Place on:
20/07/2017 at 11:00

Defects and Vulnerabilities – Analysing third party binaries

This webinar explores the difficulty facing all static analysis tools that need to analyse third party or external modules that are unavailable in source code form.



Advanced Static Analysis for C and C++

Static analysis tools have been around for decades and have helped many customers improve the quality of their code by finding programming problems.
