Team Leader in software dept at a tech services company with 11-50 employees
Real User
Top 20
Jul 7, 2023
Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will be very beneficial for a large company site.
Team Lead at a tech services company with 10,001+ employees
Real User
Top 10
Nov 28, 2022
I am from the embedded domain, in which, typically, our code works on the hardware. We follow a standard called MISRA guidelines. The MISRA guidelines were not appropriately reported. There were some flags or errors. I was working on C++ code and there were certain class categories, which were C standards, and were being reported in C++. C++ is a higher-level language, and some of those may not even be applicable in the latest C++ version that we had. The reporting could improve to make the solution better. In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages, that would be helpful rather than having everything in the generic category.
Senior Security Specialist at a computer software company with 51-200 employees
Real User
Nov 1, 2022
It would be beneficial for the solution to include code standards and additional functionality for security. A higher emphasis is currently placed on quality defects than on security items.
It was difficult for us to have a rule since we sometimes have an issue based on the rules we apply. I don't know if it's an issue with the MISRA rule or how CodeSonar applies rules. However, it was difficult for us to apply a rule, especially to a part of the code, and not apply it to the rest of the code. It's tricky to understand exactly how CodeSonar is analyzing the code. Basically, making rules not to be applied everywhere in the code is tricky. The initial setup is difficult. It was expensive.
Engineer at a manufacturing company with 11-50 employees
Real User
Top 20
Jul 4, 2022
In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred.
Senior Solutions Architect at a tech vendor with 1-10 employees
Real User
Jun 13, 2019
The scanning tool for core architecture could be improved. The core complex is something that we really need to analyze, but the complex feature as a whole is not present in the tool. I would like CodeSonar to support many other programming languages, apart from C and C++. They should support things like AngularJS and Node.js, which are trending in the market right now.
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.