Automate code compliance
and security checks


Compliance Module Add-Ons

Extend your static analysis by automating compliance to key coding and security standards.
QA compliance modules ensure that the standards are automatically enforced as the code is written!

QA Systems offers compliance modules for the following standards:


Guidelines for the use of the C/C++ languages in critical systems


Guidelines for the C++ language in safety-critical systems.


Secure Coding Standards for C and C++.

MISRA Compliance

Extend QA-C/QA-C++ for out-of-the-box application of the MISRA coding guidelines.

  • Automatically track, report and demonstrate MISRA C Compliance
  • Continuously inspect source code for conformance to the MISRA C coding guidelines
  • Scale to millions of lines of code
  • Increase code portability and re-usability
  • Give your developers contextual feedback that helps them correct and learn from mistakes
  • Reduce bottlenecks caused by manual code review and slow analysis tools and methods
  • Analyze your source code without executing programs

A safer C / C++ language subset

All programming languages (including the ISO C and C++ language standards) contain uses which are incompletely specified or defined in a way that different compiler implementations can exhibit different behaviour for the same language construct. For safety-related or safety-critical systems, the MISRA ‘advisory’ and ‘required’ rules define a safer subset of grammar for the C and C++ languages to improve the portability, safety and security aspects of programs. These sub-sets are simply a restricted version of the full language, so standard commercial off the shelf too chains can be used with them, while providing safer programs which run as the programmer expected on different environments.

QA-MISRA compliance modules

Available QA-MISRA compliance modules:

  • MISRA C:1998
  • MISRA C:2004
  • MISRA C:2012 (MISRA C3)
  • MISRA C++

AUTOSAR Compliance

The QA-C++ AUTOSAR module extends QA-C++ to include out-of-the-box application of AUTOSAR coding guidelines.

  • Highlights coding rule violations
  • Reports unspecified, undefined or compiler-dependent behaviour
  • Clearly flags possible runtime issues
  • Covers all possible execution paths

AUTOSAR ‘Adaptive Platform’ for Autonomous and Connected Vehicle Technologies

Connected and autonomous driving technologies are evolving at a rapid pace. These changes require completely new development requirements for both new and existing ECU software platforms. 

The new ‘Adaptive Platform’ standard developed by AUTOSAR for highly autonomous and internet-connected driving technologies, helps to meet these rapidly growing market needs.

Some of the technologies driving the adaptive platform standard include:

  • high-powered 32-/64-bit microprocessors (with external memory)
  • parallel processing
  • high bandwidth communications

CERT C, CERT C++ Compliance

Implement a disciplined, repeatable, and security-focused development process by incorporating application security measures into your design and coding processes.

  • Plug into our Automated Static Analysis tools
  • Eliminate insecure coding practices
  • Eliminate undefined behaviors
  • Avoid commonly exploited vulnerabilities
  • Improve your overall system quality

What is a software vulnerability?

CERT describes a vulnerability as a software defect that affects security when it is present in information systems.

The defect may be minor, in that it does not affect the performance or results produced by the software, but nevertheless may be exploited by an attack that results in a significant breach of security.

CERT estimates that up to 90% of reported security incidents result from the exploitation of defects in software code or design.

Automatically test against rulesets for secure coding in C and C++

QA Systems CERT Add-Ons automatically tests against security vulnerabilities derived from a database containing over 20 years worth of documented vulnerability cases.

Eliminate the root causes of vulnerabilities

Guarantee the absence of coding errors; insecure coding practices and undefined behaviors that are commonly found to be the root causes of vulnerabilities.

Maximize dependability, trustworthiness, and resilience

Automated static analysis combined with a CERT® C and C++ Add-Ons help you produce software that executes predictably and correctly; minimize exposure to security vulnerabilities and weaknesses; and create code that can resist most known as well as new attacks.

You will know that your code is dependable, trustworthy, and resilient before your code is even compiled.

Automatically track, report, and demonstrate CERT C and C++ compliance

Manually tracking, reporting, and demonstrating compliance to a security coding standard isn’t feasible for large development teams working on enterprise-level codebases.

CERT® C and C++ add-ons automates compliance tracking, reporting to key stakeholders, and the documentation required to demonstrate compliance to external parties.

Relationship with CWE

(Common Weakness Enumeration) 

CWE provides a comprehensive repository of known weaknesses, while the CERT® C Secure Coding standard identifies insecure coding constructs that may expose a weakness in the software.

Not all CERT® C coding guidelines map directly to weaknesses in the CWE, because some coding errors can manifest themselves in various ways that do not directly correlate to any given weakness. Similarly, not all weaknesses identified by CWE are present in the coding standard as some are related to high level design.

CWE is made up of a series of views, such as the dictionary view and the development view. The CWE-734 view enumerates weaknesses addressed by the CERT® C Secure Coding Standard and includes 103 out of the 799 total CWEs. Developers can fully or partially prevent the weaknesses identified in CWE-734 if they adhere to the CERT® coding standard.