Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
Check out the details of a Cross-Site Scripting bug in the BBCode processing in SmartStoreNET and how it can be chained into arbitrary code execution!
Blog post

SmartStoreNET - Malicious Message leading to E-Commerce Takeover

Check out the details of a Cross-Site Scripting bug in the BBCode processing in SmartStoreNET and how it can be chained into arbitrary code execution!

Read Blog post >

We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers
Blog post

Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD

We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/e289de40-8bea-42be-b6e4-7171f08e246d/Meet%20the%20New%20Project%20Experience_blog%20header.png
Blog post

Meet the new project experience for SonarQube Cloud

We are very pleased to announce that we have released a new project experience. It’s now available in SonarQube Cloud for all users. You’ll notice a few improvements the next time you open SonarQube Cloud.

Read Blog post >

We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.
Blog post

Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services

We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.

Read Blog post >

This article talks about the powerful capabilities of the C++ analyzer with SonarLint and highlights some unique and interesting quality and security rules you might find useful. Through ...
Blog post

Supercharge your C++ analysis with SonarQube for IDE for CLion

This article talks about the powerful capabilities of the C++ analyzer with SonarQube for IDE and highlights some unique and interesting quality and security rules you might find useful. Through that lens, we demonstrate how you can leverage these rules to elevate your CLion built-in static analysis capabilities for your C++ projects.

Read Blog post >

Boost your productivity by automatically applying fixes to repair code quality issues in your IDE with SonarLint.
Blog post

Modernize Code Quality with ‘Quick Fixes’

Boost your productivity by automatically applying fixes to repair code quality issues in your IDE with SonarQube for IDE.

Read Blog post >

We responsibly disclosed three vulnerabilities in the open-source status page Cachet, allowing attackers to take over instances. Here are all the details!
Blog post

Cachet 2.4: Code Execution via Laravel Configuration Injection

We responsibly disclosed three vulnerabilities in the open-source status page Cachet, allowing attackers to take over instances. Here are all the details!

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/d7f6199c-9f3d-4811-9286-4d417cf3fcc4/Product%20Portals%20Open_blog%20header.png
Blog post

Product portals open: we want your input

We've recently opened up product portals on Productboard. You'll find them for SonarQube Server, SonarQube Cloud, and SonarQube for IDE. Each one shows the features we're currently working on, the ones we've released recently, and the ones we're planning. 

Read Blog post >

We recently discovered an XSS vulnerability in the admin frontend of Ghost CMS 4.3.2. Find out the details and learn how to avoid such issues in your code!
Blog post

Ghost CMS 4.3.2 - Cross-Origin Admin Takeover

We recently discovered an XSS vulnerability in the admin frontend of Ghost CMS 4.3.2. Find out the details and learn how to avoid such issues in your code!

Read Blog post >

Analyzing your C or C++ code requires, in addition to the source code, the configuration that is used to build the code. Historically we have provided a tool to automate the extraction of...
Blog post

Compilation database: An alternative way to configure your C or C++ analysis

Analyzing your C or C++ code requires, in addition to the source code, the configuration that is used to build the code. Historically we have provided a tool to automate the extraction of this information, called the build wrapper. Recently we introduced another way to configure your analysis, the compilation database. Learn more about the pros and cons of each option.

Read Blog post >

Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.
Blog post

elFinder - A Case Study of Web File Manager Vulnerabilities

Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.

Read Blog post >

Go to SonarSource homepage
sonar logo
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.