Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Code Vulnerabilities Put Skiff Emails at Risk
Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers the technical details of the XSS vulnerability in Skiff.
Read article >
Security Guy TV Interview - Going Deeper with SAST and Code Quality
Sonar CEO, Olivier Gaudin, and Head of Research and Development, Johannes Dahse, meet with Security Guy TV’s Chuck Harold to discuss deeper SAST and the importance of Code Quality.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Get the benefits of TypeScript in your JavaScript
Let's dive into what you can do to get more and more of TypeScript's benefits in your JavaScript projects.
Read blog post >
Introducing SonarQube Server 10.2: Setting New Standards in Code Quality and Security
Discover the new features in SonarQube Server 10.2!
Read article >
Code Vulnerabilities Put Proton Mails at Risk
The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.
Read article >
Playing Dominos with Moodle's Security (2/2)
Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.
Read article >
Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress
Enhancing Static Application Security Testing SAST, leverage benchmarks for tracking our progress.
Read blog post >
Playing Dominos with Moodle's Security (1/2)
Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.
Read article >
BlackHat 2023: Hackers, Casinos, and an Exciting Announcement
The Sonar team of developers are just returning from their trip to Las Vegas where they attended BlackHat USA 2023. If you were not able to make it, here is what you missed.
Read blog post >
What is deeper SAST in JavaScript?
What is SAST, what does deeper SAST mean, and how does this apply to your JavaScript and TypeScript applications?
Read blog post >
Patches, Collisions, and Root Shells: A Pwn2Own Adventure
We dive into the technical details of the vulnerabilities we identified as part of last year's Pwn2Own competition.
Read article >