Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/f319fbfb-e548-4f2e-9d9c-59e1262c9619/iso-27001-compliance-landscape-index.webp
Blog post

How can Sonar help with ISO 27001 compliance?

Security standards such as ISO 27001 are crucial for businesses as they offer a structured framework for managing and safeguarding sensitive information.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/e503a8d1-03d9-4413-a51b-2e897698ac0c/pyspider_vulnerabilities_landscape_index.webp
Blog post

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

pyspider uses the convenient “basic HTTP authentication” method, but browsers don’t take the extra step to protect users from CSRF attacks. Learn more on how SonarQube Cloud detected 2 vulnerabilities in this open-source project.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/2219edcc-ac15-4f18-a165-0c3286785dec/how-to-choose-an-llm-in-software-development-square-index.webp
Blog post

How to Choose an LLM in Software Development

With so many Large Language Models (LLMs) out there, selecting the right LLM is crucial for any organization looking to integrate AI into its operations.

Read article >

Logo of SonarCloud and SonarQube next to each other for comparison.
Blog post

SonarQube Cloud or SonarQube Server, What's Right for Your Team?

Learn about the similarities and key differences between SonarQube Cloud and SonarQube Server and which one is best for your use case.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/4afae759-3f4e-4523-8b4a-61c0f741d839/on_demand_qcon_blog_index.webp
Blog post

[ON DEMAND] Watch Sonar Founder Olivier Gaudin Break Down the Need for and Impact of Clean Code at QCon London 2024

Olivier Gaudin discusses the value of quality, secure code from the start at top industry software conference. Check out his talk!

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/38bfe757-d696-40db-85d7-e9acf90ffe80/bypassing_sanitization_landscape_index.webp
Blog post

Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire

Modern JavaScript front-end frameworks protect your application from XSS vulnerabilities by automatically escaping untrusted content. This built-in feature can be bypassed intentionally, which should be taken with great care.

Read article >

How Sonar helps with NIST SSDF
Blog post

How Sonar Helps meeting NIST SSDF Code Security Requirements

Sonar’s solutions, including SonarQube for IDE, SonarQube Server, and SonarQube Cloud, help you meet NIST SSDF code security requirements and enhance overall code quality. Find out how.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/7b9a36b1-be1e-49b0-a013-d05e8f0235ad/roundcube_landscape_index.webp
Blog post

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

Sonar’s R&D team discovered a Cross-Site Scripting vulnerability in Roundcube. Similar vulnerabilities in Roundcube have been used by APTs to steal government emails.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/354e2d58-4606-4625-9017-bf9676e05fe4/sonarcloud_enterprise_and_team_landscape_blog_header%20%281%29.webp
Blog post

Now Introducing, SonarQube Cloud Enterprise and SonarQube Cloud Team

We are excited to expand our SonarQube Cloud offering with the availability of two new plans, SonarQube Cloud Enterprise and SonarQube Cloud Team.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/7b69d1cd-74f7-4610-a793-6bd3e35737fa/crowdstrike_blog_featured_2x.webp
Blog post

What Code Issues Caused the CrowdStrike Outage?

This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.

Read article >

Deliver High-Quality ASP.NET Web Apps with Sonar
Blog post

Deliver high-quality ASP.NET Core web apps with Sonar.

Sonar recently added new rules for ASP.NET WebAPI and ASP.NET MVC. In this blog post, we discuss the details of these frameworks within ASP.NET Core and how Sonar’s solutions help keep your ASP.NET web apps clean and free of issues.

Read article >

Go to SonarSource homepage
sonar logo
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.