Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
Power of Clean Code on a computer screen with gears turning around lines of code.
Blog post

The Power of Clean Code

Clean Code—a term you may have casually used or heard before but may not have synthesized or internalized its true essence. In this post, learn what Clean Code is and why it matters. 

Read Blog post >

Our security researchers were surprised to discover a low-hanging code vulnerability in WordPress Core that we will discuss in this blog post.
Blog post

WordPress Core - Unauthenticated Blind SSRF

Our security researchers were surprised to discover a low-hanging code vulnerability in WordPress Core that we will discuss in this blog post.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/4ddd2c5b-e797-448d-b264-bac59f9717d1/3%20min%20away%20from%20clean%20Java%20PRs_blog%20header.png
Blog post

You’re 3 minutes away from clean Java pull requests!

In this blog, we demonstrate how you can get started with SonarQube Cloud in less than 3 minutes and ensure all new Java pull requests are clean, every time.

Read Blog post >

Knowing if your latest release candidate is built with clean code doesn’t have to be a guessing game. With Sonar at your side, you’ll know that every new line, every PR and every build is...
Blog post

Sonar Streamlines the Race to Release

Knowing if your latest release candidate is built with clean code doesn’t have to be a guessing game. With Sonar at your side, you’ll know that every new line, every PR and every build is clean.

Read Blog post >

In the third part of our Securing Developer Tools series, we look at a critical vulnerability that affects one of the most popular code editors: Visual Studio Code.
Blog post

Securing Developer Tools: Argument Injection in Visual Studio Code

In the third part of our Securing Developer Tools series, we look at a critical vulnerability that affects one of the most popular code editors: Visual Studio Code.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/7d95cc85-890e-4e05-b17e-ae2e7b004b74/dfa97c39-b3be-4481-a555-e348f7c23a14_WHATWG%2BVs%2BRFC_Blog%2BHeader%402x.png
Blog post

Security Implications of URL Parsing Differentials

Our security research led to the discovery of a flaw in a popular Apache2 authentication module. We come back on this case of parsing differential and how various languages behave when working with URLs.

Read Blog post >

We recently found a vulnerability in Django that allows us to disclose sensitive information. Let’s review the root cause, exploiting technique, and patch.
Blog post

Disclosing information with a side-channel in Django

We recently found a vulnerability in Django that allows us to disclose sensitive information. Let’s review the root cause, exploiting technique, and patch.

Read Blog post >

We recently discovered a Prototype Pollution vulnerability in Blitz.js leading to Remote Code Execution. Learn about this bug class and how to avoid it in your code!
Blog post

Remote Code Execution via Prototype Pollution in Blitz.js

We recently discovered a Prototype Pollution vulnerability in Blitz.js leading to Remote Code Execution. Learn about this bug class and how to avoid it in your code!

Read Blog post >

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.
Blog post

Unrar Path Traversal Vulnerability affects Zimbra Mail

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.

Read Blog post >

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.
Blog post

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/7630306f-9a2f-018d-2726-3ef76ef712f4/29c1cfd3-6f16-4cf9-8a2f-ab8784b441b4/Sonars%20Analysis%20Performance%20Targets_blog%20header.png
Blog post

Sonar’s analysis performance targets

We've finally defined our own performance goals for analysis - so that we're no longer subjecting ourselves to apples-to-oranges comparisons with tools that may not have the same goals or outcomes. Now, we can clearly state what you can expect from analysis, and how long analysis of a project should take under standardized conditions.

Read Blog post >