New today, Omdia — an analyst firm that provides decades of industry experience, world-class research and consultancy, and actionable insights in over 200 markets — has published research about Sonar, our solutions, and our recent innovations in deeper SAST and zero-configuration automatic analysis for C/C++. The research digs into why Sonar should be on your radar and also looks at Sonar from a market view as well as its current positioning.
The paper “On the Radar: Sonar adds “deeper” SAST and zero-configuration C/C++ analysis” is available to read now, but here’s a preview of the research details:
Summary
Catalyst
Sonar provides code analysis technology that helps developers and development teams to manage the quality and security of their software. It brings these two dimensions together in the term “Clean Code,” which Sonar defines as code that is consistent, intentional, adaptable, and responsible, and it offers its technology as a software as a service (SaaS) or as a self-managed platform, with open source and commercial options.
Recently, Sonar has added two significant innovations to its offering. First, it now has an enhanced static analysis capability, described as “deeper” static application security testing (SAST) to discover and fix hidden security issues in user code arising from interactions between the code and third-party libraries. Second, it has the ability to perform zero-configuration, automatic analysis of C and C++ projects independent of what compiler the developer is using. The company also has automatic analysis for 20 other languages, including Java, JavaScript, and Python.
Omdia view
Digital transformation projects have been underway in many organizations for a number of years, and were turbocharged by the recent COVID-19 pandemic when online and mobile channels became the only modes of interaction with customers, citizens, partners, and employees in large swathes of the globe. That process of transformation is, of course, underpinned by applications, and the resulting boom in app development has created a security challenge in the form of an expanded attack surface for many entities, as explained below.
A cornerstone of Sonar’s offering is that code quality and security can and should be addressed together and at the same time; this differs from other approaches, which focus on one or the other dimension. Sonar believes that in order to achieve the best security posture, organizations should address the characteristics of code holistically, from the moment it is developed. In other words, the operating approach should be quality by design and, at the same time, security by design. Provided the company can articulate this difference clearly, as well as the benefits it brings, Omdia sees clear business opportunities for the vendor in this burgeoning market.
For more information about Sonar’s solutions, view the product pages for SonarLint, SonarQube, and SonarCloud.