logo

Video topics:     Company/General     Testwell CTC++     Testwell CMT++/CMTJava     CodeSentry    CodeSonar    Imagix 4D     Codee     ALL Videos    

YouTube Playlists (Link to YouTube)

Videos in other languages: German French UK US Chinese Russian Flag Spanish Flag

GrammaTech CodeSonar: Introduction

Narrow-Solution Static Analysis Tools vs. CodeSonar
Narrow-Solution Static Analysis Tools vs. GrammaTech CodeSonar
4:59     July 2019
Static Code Analysis Tools range widely in scope. Narrower tools, including commercial tools, and open source tools like CPP Check , can be used to find bugs in code, but they become apples to oranges when compared to advanced tools like GrammaTech CodeSonar. CodeSonar is more than just a tool for developers. It is also a solution for managers and security auditors.
Machine Learning for Finding Programming Defects and Anomalies
Machine Learning for Finding Programming Defects and Anomalies
37:45     March 2019
6. Static Code Analysis Day 2019:
This talk will describe how machine learning techniques work and will show how they are able to find several previously unknown bugs in high-profile software systems. It will demonstrate how software developers can use these techniques to find defects that are otherwise very difficult to anticipate.
Mark Hermeling
Do We Really Even Need Static Analysis Anymore?
03:28     March 2020
As Mark Hermeling, Director of Product Marketing for GrammaTech explains, dynamic analysis code testing tools may identify errors like NULL pointer dereferences or buffer overflows days or weeks after the original author has finished writing the code. But with static analysis, you're able to find those code quality issues earlier in the development cycle, eliminating a lot of potential cost, headaches, and wasted time later on. ...
Embedded World 2018: GrammaTech with Innovations for CodeSonar
Embedded World 2018: GrammaTech with Innovations for CodeSonar
02:03     March 2018
GrammaTech CodeSonar is the leading tool for advanced static source code and binary analysis. GrammaTech is working on a groundbreaking technology that combines static and dynamic analysis techniques. A completely new plug-in for CodeSonar which detects state violations during host-based testing by analyzing memory usage will be available later this year. For developers, this means more efficiency, less security risks, and shorter time-to-market.
GrammaTech at the Embedded World 2018
GrammaTech at the Embedded World 2018
02:27     March 2018
Interview with Mark Hermeling, Senior Director of Product Marketing at GrammaTech.
GrammaTech CodeSonar?
Integration Between GrammaTech CodeSonar and Wind River Workbench
11:15     May 2017
With this integration, software developers can annotate and resolve the software vulnerabilities that CodeSonar highlights without leaving the Wind River Workbench development environment, thereby significantly boosting productivity. Supporting the native Wind River VxWorks® real-time operating system as well as the POSIX API, CodeSonar provides advanced, whole program static analysis of application software and device drivers running in either kernel or user mode. For developers of complex Internet of Things (IoT) devices, CodeSonar delivers a must-have capability as it finds security and quality problems as well as problems specific to multi-core development such as deadlocks, livelocks, resource starvation, and race conditions. CodeSonar identifies bugs that can result in system crashes, unexpected behavior, and security breaches, reducing the risk of shipping costly, brand-damaging defects. It finds these bugs during the development phase, before software is tested, thereby saving cost and time.
GrammaTech: DevSecOps – Detecting 0-day and N-day vulnerabilities, everyday
GrammaTech: DevSecOps – Detecting 0-day and N-day vulnerabilities, everyday
27:40     May 2021
Walter Capitani, Director Technical Product Management, GrammaTech Inc. USA, explain in this presentation:
The software development industry is in the midst of a shift to integrating security into the software development process - this is often referred to as DevSecOps, the combination of Development, Security and Operations. A key part of the DevSecOps movement is to perform security testing as close to the developer as possible to find vulnerabilities earlier in the development cycle. A proven technique to find issues early is the integration of Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools into CI/CD pipelines. Integration of these tools will execute tests and detect new vulnerabilities automatically with every code change. Join this session to learn how the latest release of GrammaTech’s CodeSonar and CodeSentry solutions work together to support DevSecOps and detect N-day vulnerabilities in your source code, binaries, and 3rd party software components.
GrammaTech: Finding the Serious Bugs that Matter with Advanced Static Analysis
GrammaTech: Finding the Serious Bugs that Matter with Advanced Static Analysis
44:34     May 2021
Dr. Paul Anderson, Vice President of Engineering, GrammaTech Inc. USA, explain in this presentation:
Many teams use static analysis tools primarily to enforce coding standards like MISRA that are designed to make programming in highly risky languages such as C and C++ much less hazardous. However, because C and C++ are such dangerous languages, programs that seem perfectly compliant with these standards may still contain serious defects and security vulnerabilities due to the inadvertent introduction of undefined behavior. The primary purpose of advanced static analysis tools is to see past the superficial syntactic properties of programs and into their deep semantic meaning, and by doing so, find those bugs. This talk will describe how these tools work, and will show some concrete examples of real bugs that they found in production code, despite the code having gone through style checking, manual review, and testing. Finally, you will get a taste of how users can customize the tools to their own domain, thereby allowing users to greatly increase the value they receive from using them.
GrammaTech CodeSonar?
GrammaTech CodeSonar
01:28     December 2016
CodeSonar® is a sophisticated static analysis tool for source code and binary code, that detects bugs and security vulnerabilities that other static analysis tools miss.
Protect Your Software Supply Chain
Protect Your Software Supply Chain
01:54     December 2016
In the increasingly fast-paced world of software development, leveraging third-party code can be a powerful shortcut. But are you taking into account the added risks?
Tainted Data Analysis in CodeSonar
Tainted Data Analysis in CodeSonar
06:04     November 2016
What is tainted data analysis? How can you leverage taint analysis to find anomalous or unstructured data that can be used by attackers to gain access or crash an application? The questions answered and more.
How Does CodeSonar Find More Bugs?
How Does CodeSonar Find More Bugs?
Paul Anderson, GrammaTech´s VP of Engineering, describes in this video how CodeSonar uses advanced static analysis techniques to pinpoint the hardest-to-find defects and security vulnerabilities.
GrammaTech CodeSonar Quick Demo
GrammaTech CodeSonar Quick Demo
04:01     August 2012
Brief demo of the static code analysis tool Grammatech CodeSonar®.
GrammaTech CodeSonar vs. PC-Lint
GrammaTech CodeSonar vs. PC-Lint and Cppcheck
04:38     April 2017
Advanced Static Analysis with GrammaTech CodeSonar compared to tools like PC-Lint® and Cppcheck.
GrammaTech CodeSonar Security Audit
Performing a Security Audit with CodeSonar
07:41     February 2015
In this tutorial, we describe how to approach security auditing, using CodeSonar.
GrammaTech CodeSonar Quick Demo
GrammaTech CodeSonar for Binary Code
07:00     April 2013
GrammaTech is proud to offer the most aggressive binary analysis technology available. Now you can find vulnerabilities in software even if you don´t have access to the source code.
Static Analysis Using CodeSonar from GrammaTech
Static Analysis Using CodeSonar from GrammaTech
05:57     August 2012
Interview with Mark Zarins, VP Sales & Marketing GrammaTech.
GrammaTech Software Visualization
Software Visualization
04:23     February 2013
Software Visualization Engineer Travis Hidlay demonstrates some of the new features of CodeSonar®´s software visualization technology, which now ships standard with CodeSonar.
Static Analysis Using CodeSonar from GrammaTech
Software Visualization for System-of-Systems
27:28     November 2012
Presentation by Michael McDougall (Grammatech) at 2012 Flight Software Workshop in San Antonio, Texas. The 2012 Flight Software Workshop was hosted by the Southwest Research Institute with support from the Jet Propulsion Laboratory, the Aerospace Corporation, and the Johns Hopkins University Applied Physics Laboratory.
The Flight Software Workshop provides an opportunity to present current space flight architectures, novel approaches to mission solutions, and techniques for flight software development, integration, test and verification in an informal and open setting that facilitates communication across organizations and agencies.
GrammaTech CodeSonar Quick Demo
GrammaTech CodeSonar for Java
03:43     February 2013
Software Engineer John Von Seggern demonstrates some of the capabilities of GrammaTech´s Java analysis, within CodeSonar®´s advanced user interface.
Visualizing Static Analysis
Visualizing Static Analysis And Collaboration with CodeSonar - DESIGN West 2012
05:50     March 2012
C and C++ programmers and now Matlab programmers can take advantage of GrammaTech´s CodeSonar static analysis tools to reduce programming errors. Its new visualization and collaboration support enhances team quality control.
GrammaTech: Tools to Perform a Security Review on Unknown Code
GrammaTech: Tools to Perform a Security Review on Unknown Code
43:29     May 2021
John Blattner, President Imagix Corp. and Walter Capitani, Director Technical Product Management, GrammaTech Inc. USA, explain in this presentation: Performing a deep security review on third party code is hard. You typically receive a bunch of source code, no design documents, very little comments in the source code. Still, you have to do an assessment of the code and provide a risk score. Where do you get started? Learn how tools can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings of things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix 4D comes in, it can overlay the path of the static analysis warning over a design that is reverse engineered from the source code. And that is just one of the many tricks.
CodeSonar: DevSecOps for Source Code by GrammaTech
CodeSonar: DevSecOps for Source Code by GrammaTech
07:15     May 2021
DevSecOps brings security testing into the software development cycle. Thus vulnerabilities are found (and fixed) earlier.
Uncertainty is reduced. This video shows, how development teams can profit from the Static Code Analysis Tool GrammaTech CodeSonar. Excerpt of a presentation at Static Anaylsis Day 2021 hosted by Verifysoft.
Product Page

further presentations