Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
Picture showing SonarQube 10.4 release
Blog post

SonarQube Server 10.4 Release Announcement

The SonarQube Server 10.4 release includes some exciting changes that show the benefit of Clean Code and the Clean as You Code methodology. Scan times are faster and connecting to SonarQube for IDE is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.

Read article >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/e5212578-5794-4632-88f6-4a298bc9cb42/pitfalls_of_desanitization_leaking_customer_data_from_osticket_blog_index.webp
Blog post

Pitfalls of Desanitization: Leaking Customer Data from osTicket

The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/93a64a05-fe40-4c98-9145-de84ccf8bd3b/juliet_c_security_benchmark_the_securestring_case_blog_index.webp
Blog post

Juliet C# Benchmark and the SecureString case

Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer. Here is a glimpse of the work we did around Juliet and some of its test cases related to the SecureString .NET type.

Read article >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/15632114-af55-440e-85bd-72b9a9f67069/the_importance_of_verifying_message_origins_blog_index.webp
Blog post

Who are you? The Importance of Verifying Message Origins

This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this by detailing two critical vulnerabilities in the Squidex application.

Read article >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/abef1f96-f752-4016-8fb8-43788dcf920e/Vulnerabilities%20in%20Jenkins_blog_index.webp
Blog post

Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins

This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.

Read article >

Image of Blazor support by Sonar
Blog post

Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows

Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows

Read blog post >

The SonarQube and React logos
Blog post

Lessons learned upgrading to React 18 in SonarQube Server

We share the biggest three issues we faced and the lessons we learned as we upgraded SonarQube Server to React 18.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/64df6ab9-c247-4c0d-b62e-3bb168077339/vulnerability_research_highlights_blog_index.webp
Blog post

Vulnerability Research Highlights 2023

Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023.

Read article >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/13294037-5b6b-404a-8593-5751003436e3/c_sast_benchmarks_blog_index.webp
Blog post

Sonar's Scoring on the Top 3 Python SAST Benchmarks

We're excited to share not only how Sonar performs on Python benchmarks but also the ground truth corresponding to the list of expected and not-so-expected issues.

Read article >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/5bf25ac4-d412-48eb-a98f-1de2363ffeab/devops_predictions_blog_index.webp
Blog post

2024 DevOps Predictions from the Sonar Developer Advocate Team

The Developer Advocate team shares their predictions on what they foresee for DevOps trends and hot topics in 2024.

Read article >

https://assets-eu-01.kc-usercontent.com:443/69414945-f022-01b0-62c9-fdd1323f5fe5/5c31ddcb-0f0b-45f6-9ef6-dbd445f6025a/2024_security_predictions_blog_index.webp
Blog post

2024 Security Predictions from the Sonar Research Team

Reflecting on changes in the industry over the past year, as well as the research we’ve published, the Sonar Vulnerability Research team came together and compiled our thoughts on what we foresee for cybersecurity in 2024.

Read Blog post >

Go to SonarSource homepage
sonar logo
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.