Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
Take Control of Code Quality with SonarQube Server Pull Request Decoration in Your Workflow
How do you write super clean code without disrupting your workflow? Join me as I show you how SonarQube Server Pull Request Decoration gets you there!
Read Blog post >
How Google manages open source
The Google monorepo has been blogged about, talked about at conferences, and written up in Communications of the ACM.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Package signing across package managers
Recently I looked at the state of 2FA support across package managers. 2FA adds a layer of security by requiring two sources of authentication from maintainers when publishing packages.
Read article >
Apache Kylin 3.0.1 Command Injection Vulnerability
We discovered a severe command injection vulnerability in Apache Kylin that allows malicious users to execute arbitrary OS commands.
Read Blog post >
SonarSource acquires RIPS Technologies
Teams will be joining forces in building best-in-class Static Application Security Testing (SAST) products that help development teams and organizations deliver more secure software.
Read Blog post >
Exploiting Hibernate Injections
Hibernate is among one of the most commonly found database libraries used in Java web applications, shipping with its own query language. This technical post will teach you how to detect and exploit Hibernates very own vulnerability: The HQL Injection.
Read Blog post >
What is 'taint analysis' and why do I care?
In large systems, finding the bad actors is easier said than done. First you have to find all the places you accept data from users, and then you have to sanitize the data before you use it. The hard part is making sure you've found all the sources of user data and intervened before any kind of use. That's where taint analysis comes in.
Read Blog post >
The state of the copyleft license
In this post, I want to go a little deeper into one important type of license: those that require sharing of modifications under certain conditions, often called “copyleft” or “reciprocal” licenses
Read article >
WordPress <= 5.2.3: Hardening Bypass
This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress core in versions prior to 5.2.4
Read Blog post >
Clean as You Code: How to win at Code Quality without even trying
Analyzing a legacy project can be overwhelming. Learn how to Clean as You Code to make sure that the code you release into production tomorrow is at least as good as - and probably better than! - the code that's in production today.
Read Blog post >
Bit Rot: the silent killer
Your code is rotting right now. Every day, each one of your production services, internal tools, and open source libraries decays a little bit.
Read article >