Our company is scanning its software to comply with software verification and validation requirements from the U.S. Food and Drug Administration (FDA).
Are there any guidelines/best practices for how to use/configure SonarSource for this purpose?
Hi,
Welcome to the community!
I guess you’re looking for rules that correspond to their guidelines? If so, could you point us to those guidelines?
Ann
Hi Ann,
There are no specific guidelines per se. I guess it is more about knowing from experience what the FDA is looking for and testing for that. I was hoping that one of your customers already submitted a software device for FDA review and could share the scanner rules that were relevant.
SonarSource competitors like Parasoft and Gammatech claim to have a lot of experience with FDA approval processes and offer dedicated reports for that. Unfortunately they are more oriented to embedded software written in C/C++ and less to web-based technologies.