Sonar Blog

Home

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
AI generated code is detected in project
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
Blog post

Zabbix - A Case Study of Unsafe Session Storage

In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.

Read Blog post >

Image for Dependency management and your software health
Blog post

Dependency management and your software health

The specific mechanisms for tracking dependencies vary across open source communities, making it challenging to compare across languages or package managers.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We discovered an interesting code vulnerability that could be used to bypass hardening mechanisms in the popular WordPress CMS.
Blog post

WordPress < 5.8.3 - Object Injection Vulnerability

We discovered an interesting code vulnerability that could be used to bypass hardening mechanisms in the popular WordPress CMS.

Read Blog post >

In this post, we will see how to completely disable external entities declaration and expansion, offering a quick and safe solution.
Blog post

How to disable XXE processing?

In this post, we will see how to completely disable external entities declaration and expansion, offering a quick and safe solution.

Read Blog post >

Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for ...
Blog post

Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them

Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, we will try to demystify XXE vulnerabilities and present the rule we put in place to help you detect and prevent them. 

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

WordPress 5.8.2 Stored XSS Vulnerability

We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.

Read Blog post >

Vulnerability Research Highlights 2021
Blog post

Vulnerability Research Highlights 2021

Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.

Read Blog post >

C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarLint, SonarQube and SonarClou...
Blog post

Modernizing your code with C++20

C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarQube for IDE, SonarQube Server and SonarQube Cloud can help us modernize our code to take advantage of some of the new features.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

NodeBB 1.18.4 - Remote Code Execution With One Shot

We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!

Read Blog post >

Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!
Blog post

Code Security Advent Calendar 2021

Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!

Read Blog post >

In this blog post, we share 10 security pitfalls for Python developers that we encountered in real-world projects.
Blog post

10 Unknown Security Pitfalls for Python

In this blog post, we share 10 security pitfalls for Python developers that we encountered in real-world projects.

Read Blog post >