Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.
Integrating SonarQube Cloud with Amazon CodeCatalyst for Code Analysis
Sonar recently announced the integration of SonarQube Cloud with Amazon CodeCatalyst. This blog post guides you through integrating SonarQube Cloud, a cloud-based Clean Code solution, with Amazon CodeCatalyst.
Read blog post >
An Open Letter to Sonar[Qube] Users
Sonar’s new President of Field Operations introduces herself and reiterates the company's continued commitment to enabling organizations to succeed.
Read blog post >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
mXSS: The Vulnerability Hiding in Your Code
XSS is a well-known bug class, but a lesser-known yet effective variant called mXSS has emerged over the last couple of years. In this blog, we will cover the fundamentals of this XSS variant and examine how you can protect against it.
Read article >
Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar
This post delves into an actual Jenkins vulnerability to understand the intricacies of deeper SAST for detecting deeply hidden code vulnerabilities. It illustrates how deeper SAST works and explains its impact on keeping your code clean and free of these serious issues.
Read article >
Parallel Code Security: The Challenge of Concurrency
Parallelism has been around for decades, but it is still a source of critical vulnerabilities nowadays. This blog post details a severe vulnerability in the remote desktop gateway Apache Guacamole, highlighting the security risks of parallelism.
Read article >
Code Interoperability: The Hazards of Technological Variety
The rapid development of different technologies doesn’t come without risks. This blog post details a critical vulnerability in the remote desktop gateway Apache Guacamole, which showcases the challenges of code interoperability.
Read article >
Leveraging SonarQube Server, SonarQube Cloud, and SonarQube for IDE for Effective Shift Left Practices
Speed and quality are no longer trade-offs in the modern software landscape - they're a tightly interwoven dance. That's where the "Shift Left" philosophy comes in, urging us to move critical checks and balances like code quality analysis earlier in the development lifecycle.
Read article >
Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis
Unit and end-to-end testing are effective in ensuring features and functionality work properly, but what about code quality? How can we ensure that our code is reliable, maintainable, and secure? Enter static code analysis.
Read article >
Legacy Codebases are a DevOps Issue
Explore how DevOps principles and practices can transform the challenge of managing legacy code into an opportunity for improvement. This piece outlines actionable strategies for refactoring, the importance of automation, and adopting a 'Clean as You Code' approach to ensure sustainable code quality and efficiency.
Read article >
SonarQube Server 10.5 Release Announcement
The 10.5 release of SonarQube Server includes support for Java 21, C++23, and TypeScript 5.4. Secrets detection analysis is faster and deeper SAST coverage has increased. Project onboarding is more simplified for monorepos, Maven, and GitHub Actions. Read on to find out about these and much more.
Read article >
Dangerous Import: SourceForge Patches Critical Code Vulnerability
Our Vulnerability Research team discovered a critical code vulnerability in SourceForge, which attackers could have used to poison deployed files and spread malware to millions of users.
Read article >