Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
Evaluating an ethical license for corporate use
The next most common evaluation will be a simple check against a list of accepted licenses, usually the list from the Open Source Initiative, a license-scanner vendor, or from counsel.
Read article >
Review your security vulnerabilities in GitHub with code scanning alerts
We’re happy to announce that SonarQube Cloud integrates with GitHub code scanning! It’s available to everyone with a GitHub repository - private or public - independently of your SonarQube Cloud plan. If you have access to the feature on GiHub and your organization admin already accepted the update for the SonarQube Cloud app permissions, you’re all set! You should be able to start using the feature during your next code review.
Read Blog post >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Horde Webmail 5.2.22 - Account Takeover via Email
We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.
Read Blog post >
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
Read Blog post >
Dependency management and your software health
The specific mechanisms for tracking dependencies vary across open source communities, making it challenging to compare across languages or package managers.
Read article >
WordPress < 5.8.3 - Object Injection Vulnerability
We discovered an interesting code vulnerability that could be used to bypass hardening mechanisms in the popular WordPress CMS.
Read Blog post >
How to disable XXE processing?
In this post, we will see how to completely disable external entities declaration and expansion, offering a quick and safe solution.
Read Blog post >
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, we will try to demystify XXE vulnerabilities and present the rule we put in place to help you detect and prevent them.
Read Blog post >
WordPress 5.8.2 Stored XSS Vulnerability
We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.
Read Blog post >
Vulnerability Research Highlights 2021
Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.
Read Blog post >
Modernizing your code with C++20
C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarQube for IDE, SonarQube Server and SonarQube Cloud can help us modernize our code to take advantage of some of the new features.
Read Blog post >