Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/7b9a36b1-be1e-49b0-a013-d05e8f0235ad/roundcube_landscape_index.webp
Blog post

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail

Sonar’s R&D team discovered a Cross-Site Scripting vulnerability in Roundcube. Similar vulnerabilities in Roundcube have been used by APTs to steal government emails.

Read article >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/354e2d58-4606-4625-9017-bf9676e05fe4/sonarcloud_enterprise_and_team_landscape_blog_header%20%281%29.webp
Blog post

Now Introducing, SonarQube Cloud Enterprise and SonarQube Cloud Team

We are excited to expand our SonarQube Cloud offering with the availability of two new plans, SonarQube Cloud Enterprise and SonarQube Cloud Team.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/7b69d1cd-74f7-4610-a793-6bd3e35737fa/crowdstrike_blog_featured_2x.webp
Blog post

What Code Issues Caused the CrowdStrike Outage?

This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.

Read article >

Deliver High-Quality ASP.NET Web Apps with Sonar
Blog post

Deliver high-quality ASP.NET Core web apps with Sonar.

Sonar recently added new rules for ASP.NET WebAPI and ASP.NET MVC. In this blog post, we discuss the details of these frameworks within ASP.NET Core and how Sonar’s solutions help keep your ASP.NET web apps clean and free of issues.

Read article >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/2ae4d572-5445-4b1c-80ef-a8b978edabf1/g2-review-static-code-analysis-2024-summer-blog-feature.webp
Blog post

G2 Grid Report for Static Code Analysis: Sonar Named a Leader for Sixteenth Consecutive Quarter

G2 has once again ranked Sonar #1 in Static Code Analysis in the Summer 2024 Grid Report. In addition to leading the pack in each of the Enterprise, Mid-Market, and Small Business segments for Static Code Analysis, Sonar was also named a leader in the Static Application Security Testing (SAST) category.

Read article >

AutoConfig for C and C++ Projects Image
Blog post

AutoConfig: C++ Code Analysis Redefined

Abbas Sabra covers a groundbreaking technology: AutoConfig for C and C++. It automates the normally complex setup process, making project setup a breeze. AutoConfig is designed to make code analysis free of complications bringing Clean Code to the fingertips of every C and C++ developer.

Read article >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/71e5f88e-922e-42dc-91ba-b0b704fadc32/charset_matters_landscape_blog_header.webp
Blog post

Encoding Differentials: Why Charset Matters

The absence of charset information seems to be a minor issue for a web application. This blog post explains why this is a false assumption and highlights the critical security implications.

Read article >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/8c8293e0-1982-4dee-98ad-8ee089ea9f0b/gogs_vulnerability_square%20%281%29.webp
Blog post

Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2)

Learn about critical code vulnerabilities we discovered in Gogs, a source code hosting solution. This follow-up covers how less severe flaws can still have a critical impact.

Read article >

Code being analyzed and visualized using SonarQube for Code Coverage.
Blog post

Using and Understanding SonarQube Server for Code Coverage

One critical metric to gauge the effectiveness of your code testing efforts is code coverage. SonarQube Server, a powerful static code analysis solution, integrates seamlessly with code coverage tools, empowering developers to write cleaner, more secure, and thoroughly tested code.

Read article >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/c56ed450-f769-40eb-b035-341c90716c4d/gogs_vulnerability_square.webp
Blog post

Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2)

We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.

Read article >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/767c21ed-a3e7-4277-b38b-ca6a02b63fd7/Cost%20of%20Bad%20Code_Landscape_Blog-Header.png
Blog post

The True Cost of Bad Code in Software Development

Despite advances in technology and methodologies, the costs associated with fixing bad code continue to escalate, impacting businesses financially and operationally. But what is bad code, what are the clear markers of its negative impact, and how can organizations overcome it?

Read article >

Go to SonarSource homepage
sonar logo
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.