Sonar's latest blog posts

Featured Post

State of Code Developer Survey report: The current reality of AI coding

Sonar analyzes over 750 billion lines of code every day. This gives us a unique, high-level view of the state of code quality and security across the globe.

Read article
https://assets-eu-01.kc-usercontent.com:443/ef593040-b591-0198-9506-ed88b30bc023/7ab133c1-b3f7-4652-82a1-3376b953d6bd/soc_survey_report_featured_blog_article_2x.webp
SonarQube has always had a rich plugin Marketplace, with much of SonarQube's functionality originally delivered as plugins and many additional needs being met by community-maintained plug...
Blog post

Use 3rd-party plugins at your own risk

If you're using 3rd-party plugins for SonarQube Server, you're obviously already aware of the benefits. With this blog post, we want to make sure you're also aware of the risks. Because there are risks.

Read Blog >

Learn how developers can safeguard their cloud 'secrets' from publicly leaking and take charge of their Code Security with SonarLint.
Blog post

Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe

Learn how developers can safeguard their cloud 'secrets' from publicly leaking and take charge of their Code Security with SonarQube for IDE.

Read Blog >

Get new blog posts delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By clicking “Sign up”, you consent to receive email communications from SonarSource containing blog updates, product news, and other relevant content. We will store and process your personal data for this purpose as described in our Privacy Policy. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us in accordance with the Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for How Code Quality Practices Help You Retain Your Development Talent
Blog post

How Code Quality Practices Help You Retain Your Development Talent

It can be challenging to maintain good coding vibes when your team or company often prioritizes feature delivery over code quality. If your developers are never allowed the time to work on new and exciting things they may eventually find somewhere else to bring their coding talents to.

Read Blog >

We discovered critical code issues in Zimbra, a popular enterprise webmail solution, that could lead to a compromise of all emails by an unauthenticated attacker.
Blog post

Zimbra 8.8.15 - Webmail Compromise via Email

We discovered critical code issues in Zimbra, a popular enterprise webmail solution, that could lead to a compromise of all emails by an unauthenticated attacker.

Read Blog >

Learn how the functionality of Quality Profiles and Quality Gates come together to enable the SonarSource Clean As You Code methodology.
Blog post

Clean As You Code essentials - What are Quality Profiles and Quality Gates?

Learn how the functionality of Quality Profiles and Quality Gates come together to enable the SonarSource Clean As You Code methodology.

Read Blog >

We discovered two code execution vulnerabilities that affected Etherpad servers and data. Learn more about the technical details and how to avoid such coding issues.
Blog post

Etherpad 1.8.13 - Code Execution Vulnerabilities

We discovered two code execution vulnerabilities that affected Etherpad servers and data. Learn more about the technical details and how to avoid such coding issues.

Read Blog >

Discover how SonarQube can integrate with your existing enterprise setup (LDAP, SSO & co.) for user authentication and authorization.
Blog post

Enterprise-ready: Authentication & Authorization with SonarQube Server (LDAP, SSO & more)

Discover how SonarQube Server can integrate with your existing enterprise setup (LDAP, SSO & co.) for user authentication and authorization.

Read Blog >

Image for CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained
Blog post

CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained

We discovered critical code vulnerabilities in CiviCRM, a popular CRM plugin for Wordpress, Joomla and Drupal. Learn more about how to find and patch these issues.

Read Blog >

SonarQube 8.9 LTS is here! Not every improvement could be mentioned in the release announcement, so check out these LTS easter eggs that make this the Best LTS Ever.
Blog post

7 more reasons to upgrade to SonarQube Server 8.9 LTS

SonarQube Server 8.9 LTS is here! Not every improvement could be mentioned in the release announcement, so check out these LTS easter eggs that make this the Best LTS Ever.

Read Blog >

With SonarQube 8.9 LTS, SonarSource has made failing the pipeline available for everyone, using any CI you want. But with great power comes ... well, you know. In this post you'll learn w...
Blog post

Broken pipelines for everyone!

With SonarQube Server 8.9 LTS, SonarSource has made failing the pipeline available for everyone, using any CI you want. But with great power comes ... well, you know. In this post you'll learn what went into the decision to make this available and what you'll want to watch out for when you use it.

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Grav CMS 1.7.10 - Code Execution Vulnerabilities

We responsibly disclosed two code execution vulnerabilities in Grav CMS, one of the most popular flat-file PHP CMS in the market. Let’s see what we can learn from them and discuss their patches!

Read Blog >

Accéder à la page d’accueil de SonarSource
  • Suivez SonarSource sur Twitter
  • Suivez SonarSource sur Linkedin
language switcher
Français (French)
  • Documentation juridique
  • Trust Center

© 2025 SonarSource Sàrl. Tous droits réservés. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD et CLEAN AS YOU CODE sont des marques déposées de SonarSource Sàrl.