CodeSonar System Requirements

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

CodeSonar System Requirements

The following requirements and guidelines should be followed to get the best performance from CodeSonar.

Operating Systems
Web Browser
CPU and Disk
Language Support
Analysis/Hub Version Compatibility
Third-Party Tools Not Shipped with CodeSonar
Other Notes

Operating Systems

Windows (64-bit only):

Windows 11
Windows 10
Windows Server 2022
Windows Server 2019
Windows Server 2016

Linux running glibc 2.11.3 or later (x86-64 only).
- If your source tree includes non-ASCII file or directory names, then:
  - The locales package must be installed.
  - The locale environment corresponding to those file and directory names must be defined.
  See the documentation for your Linux distribution if you need information on how to define a locale environment: the mechanism is distribution-dependent. For example, Ubuntu and Debian provide command locale-gen; CentOS and Fedora provide localedef.

CodeSonar Java analysis is available on 64-bit Windows and Linux only.

CodeSonar C# analysis is available on 64-bit Windows only, and .NET Framework 4.7.2 or later must be installed on the machine performing the analysis.

Web Browser

The following recommendations reflect the range of browsers that are most rigorously tested with the CodeSonar Web GUI. Since the GUI is designed for portability, many other browsers also work well.

Firefox
Chrome
Safari
Edge

There are some issues to note when opening the CodeSonar manual from disk in certain browsers. See the FAQ for details.

The majority of commonly-used browsers do not readily support in-browser generation and storage of user certificates. To use certificate-based user authentication with such browsers, see the additional material in section Manually Generating and Uploading User Certificates.

CPU and Disk

CPU and disk requirements for a machine running CodeSonar will depend on whether the machine is used to build and analyze projects or to run a hub.

Building and Analyzing

For a machine that will be running the CodeSonar build/analysis and sending the results to an external hub, the minimum requirements are as follows.

2 GHz for Intel processors.
- 4 GHz for analyzing Java or C# code.
2 GB of physical memory (RAM).
- 32 GB for analyzing Java or C# code.
- To run multiple analyses simultaneously, you will need this much RAM for each.
About 60 GB of free disk space per million lines of code analyzed.
- Analyzing C# code will require additional disk space to perform the analysis — about 30 GB extra per million lines of code — but once the analysis is complete this additional space is no longer required.
Use local disks rather than network drives.

If you want to run the analysis in parallel mode, you will need a minimum of one core and 512MB memory for each process, plus an additional 512MB for the master process. Run the CodeSonar analysis with ANALYSIS_SLAVES=Auto and DAEMON_SLAVES=Auto to have CodeSonar compute how many slaves to run based on your machine's resources.

Running a Hub

For a machine that will be running a CodeSonar hub, memory and disk requirements will vary according to the size of the projects analyzed and the frequency of analysis. Some example usage cases and their corresponding requirements are provided below; contact CodeSecure if you need assistance in determining memory and disk requirements for your analysis needs.

The hub database must be stored on a local disk (not a network drive).

Example 1: For a single project with fewer than 500,000 lines of code, where analyses are performed rarely or old analysis results are frequently removed.

2 GB of RAM
about 200MB of disk per analysis

Example 2: For a single project with 500,000 lines of code and nightly automated builds; past analyses never removed.

4 GB of RAM
250GB of disk

Example 3: For a project or projects totaling 2 million lines of code, with continuous integration and 30 developers.

8 GB of RAM
1 terabyte of disk
2 cores

Language Support

Tier 1 and Tier 2 languages: C, C++, Java, C#

CodeSonar ships with built-in analysis capability for languages in tier 1 (C, C++) and tier 2 (Java, C#).

The available languages will depend on your license key.

C	CodeSonar parses and generates internal representation for all features from C89/C90, C99, C11, and most features from C17/18: for more information, see C Support. Additionally, CodeSonar supports many compiler-specific C language features. See the compiler model documentation for details.
C++	CodeSonar parses and generates internal representation for all features from C++98, C++11, C++14, and C++17; and most features from C++20. It also supports some features from C++23. For more information, see C++ Support. Additionally, CodeSonar supports many compiler-specific C++ language features. See the compiler model documentation for details.
Java	The CodeSonar Java analysis is suitable for Java source and binaries targeting the following. Java 1.1-22. Android API 15-35 For more information, see Java Support. CodeSonar ships with its own JVM, so the analysis of Java projects is not dependent on your local Java version(s).
C#	The CodeSonar C# analysis is suitable for analyzing the following .NET versions. .NET Framework 1.0, 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 .NET Core 1.0, 1.1, 2.0, 2.1, 2.2, 3.0, 3.1 .NET 5.0, 6.0, 7.0, 8.0, 9.0 CodeSonar supports C# up to version 10.0.

Tier 3: all other languages

Analysis for tier 3 source languages is provided through integration with third-party analyzers.

We provide general instructions for integrating SARIF results from any analyzer with your CodeSonar project. We also provide tool-specific instructions for a select number of third-party analyzers. Some of these are shipped with CodeSonar and some are not.

Shipped with CodeSonar. Note that if you are already using one of these tools in your organization, we recommend using your own installed version rather than the one shipped with CodeSonar.
- Kotlin
Not shipped with CodeSonar. See the following section for more information.
- Clang Static Analyzer
- ESLint, typescript-eslint, SARIF formatter for ESLint
- Pylint
- Rust Clippy; Rust Clippy-Sarif
- Staticcheck

Analysis/Hub Version Compatibility

Analyses performed using older CodeSonar versions may submit results to newer hubs. Specifically, CodeSonar 5.3p0 through 9.2p0 analyses may submit results to CodeSonar 9.2p0 hubs. When using older analysis versions, some GUI functionality may be unavailable for the older analyses.

Analyses performed using newer CodeSonar versions may not submit results to older hubs. Specifically, CodeSonar 9.2p0 analyses require a CodeSonar 9.2p0 hub. Hubs using future versions of CodeSonar may also suffice; consult future versions of this documentation for details.

Third-Party Tools Not Shipped with CodeSonar

CodeSonar provides a number of integrations with external third-party software: software that is neither part of CodeSonar nor shipped with CodeSonar.

In order to use these integrations, the relevant software must be available on your local system. If it is not already available, you will need to install and configure the software.
These software packages are supported by their respective manufacturers.

The following table lists external third-party tools, as well as links to installation instructions and help information.

Software Name	Using with CodeSonar	Tool Installation and Help Links
Clang Static Analyzer	Integration mechanism shipped with CodeSonar.	Clang Static Analyzer scan-build: running the analyzer from the command line
Eclipse	Plug-in shipped with CodeSonar.	eclipse.org Downloads Eclipse Documentation
ESLint typescript-eslint SARIF formatter for ESLint	Integration mechanism shipped with CodeSonar.	ESLint: Getting Started with ESLint, ESLint Documentation typescript-eslint: Getting Started SARIF formatter for ESLint: README
GitHub	CodeSonar integration kit available.	Get started with GitHub GitHub Support
GitLab (all editions/plans)	CodeSonar integration kit available.	Use GitLab GitLab Docs
Hudson	Integration instructions provided.	Installing Hudson Hudson Documentation
Jenkins	CodeSonar plug-in available.	Installing Jenkins Jenkins User Documentation
Jira Cloud	Plug-in shipped with CodeSonar.	Set up Jira Software Cloud Jira Software Cloud support
Jira Server	CodeSonar plug-in available.	Installing Jira Software Jira Software Data Center and Server documentation
Keycloak	Integration instructions provided.	Keycloak: Getting Started Keycloak: Documentation
Microsoft Visual Studio	Plug-in shipped with CodeSonar.	Install Visual Studio Get help with Visual Studio
Microsoft Visual Studio Code	Extension available from the VS Code Marketplace.	Download Visual Studio Code Visual Studio Code: Getting Started
Okta	Integration instructions provided.	Launch Kit for Okta Admins Okta Help Center
Pylint	Integration mechanism shipped with CodeSonar.	Pylint: Installation Pylint Documentation
Rust Clippy	Integration mechanism shipped with CodeSonar.	Rust: Installation, Documentation Clippy: Installation, Documentation Clippy-Sarif: Documentation, including installation
Staticcheck	Integration mechanism shipped with CodeSonar.	Staticcheck: Getting Started Staticcheck Documentation

Other Notes

CodeSonar Eclipse Plug-in	The Eclipse plug-in has an additional set of prerequisites.
CodeSonar Visual Studio Plug-in	The Visual Studio plug-in has an additional set of prerequisites.
Bitdefender™	CodeSonar will not be able to communicate with an HTTP hub on systems with Bitdefender installed, even if Bitdefender is disabled. You can work around this by configuring your hub to use HTTPS.
ALYac Internet Security Pro	CodeSonar is not compatible with ALYac Internet Security Pro.
Avast Antivirus	CodeSonar is not compatible with Avast Antivirus.
F-Secure Ultralight Hoster	CodeSonar is not compatible with F-Secure Ultralight Hoster.

To report problems with this documentation, please visit https://support.codesecure.com/.