Software verification and validation for US FDA

Our company is scanning its software to comply with software verification and validation requirements from the U.S. Food and Drug Administration (FDA).

Are there any guidelines/best practices for how to use/configure SonarSource for this purpose?


Welcome to the community!

I guess you’re looking for rules that correspond to their guidelines? If so, could you point us to those guidelines?


Hi Ann,

There are no specific guidelines per se. I guess it is more about knowing from experience what the FDA is looking for and testing for that. I was hoping that one of your customers already submitted a software device for FDA review and could share the scanner rules that were relevant.

SonarSource competitors like Parasoft and Gammatech claim to have a lot of experience with FDA approval processes and offer dedicated reports for that. Unfortunately they are more oriented to embedded software written in C/C++ and less to web-based technologies.