Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/fdf8d109-3435-4ff2-a916-0ddec15cdd24/SQ%20License%20and%20Community%20Build%20Changes_Blog-landscape.png
Blog post

A better (free) SonarQube experience

Announcing a new free tier of SonarQube, hosted in the cloud. This tier goes beyond our current community offering and gives individual developers and small teams many of the features of our commercial SonarQube offering.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/3100fa95-172f-4b28-a2eb-73e0f1476a24/trust_ai_contributions_landscape_index.webp
Blog post

How to trust AI contributions to your codebase

In a world where AI generates code, code ownership and trust become increasingly obscure. Many enterprises already find this situation untenable, and they are looking for ways to solve it. But where do you start?

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/400c9c80-4638-4e7e-995b-7265dff7fdda/Our%20commitment%20to%20you_Blog_Landscape%402x.png
Blog post

Our commitment to you – and an update on severity ratings for software quality

The speed of software development and product delivery is increasing for organizations everywhere – including here at Sonar. In this blog, we decided to put our guiding engineering principles in writing and share them with you.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/faa1e2b0-9a01-4fdd-b8bc-9ca5ec15da23/html_sanitization_landscape_index.webp
Blog post

Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail

HTML sanitization has long been touted as a solution to prevent malicious content injection. However, this approach faces numerous challenges. In this blog post, we'll explore the limitations of server-side HTML sanitization and discuss why client-side sanitization is the better approach.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/60dcda39-d99f-43ca-be65-d72439fc2c61/taint_analysis_landscape_index.webp
Blog post

The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator

This blog post explains how taint analysis tracks all data flows in an application’s source code to unveil deeply hidden vulnerabilities and showcases a critical vulnerability in the OpenAPI Generator discovered by SonarQube Cloud.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/8cf25ce0-1858-4367-8330-9e6b26eccf2c/Why%20Code%20Security%20Matters_landscape-index.png
Blog post

Why Code Security Matters - Even in Hardened Environments

This blog post showcases why fundamental code security is essential for an application despite all hardening measures applied in the underlying infrastructure.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/4b95b6e2-0011-473c-b492-b4e9f0d55dfd/dart%20support_landscape-index.webp
Blog post

Announcing Sonar's Support for Dart: Elevate Your Code Quality

Sonar now supports the Dart programming language

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/296c23e0-fbfe-434e-8c6d-aa1c903bce5e/sq-10.7_blog-index.webp
Blog post

SonarQube Server 10.7 Release Announcement

Sonar introduces powerful AI-driven features, expanded support for new and existing languages and frameworks, and deeper security, all to elevate your code quality. These updates bring significant advancements for developers and teams.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/b317978f-6ceb-4b3f-8128-508d618596a9/AI%20Code%20Assurance_landscape-index.webp
Blog post

Building Confidence and Trust in AI-Generated Code

Sonar AI Code Assurance is a robust and streamlined process for validating AI-generated code through a structured and comprehensive analysis.

Read article >

https://assets-eu-01.kc-usercontent.com:443/f42196a6-70a1-01d0-99f1-43134f12a58b/1c383359-8f9f-4f59-ab7c-617e6942c954/AI%20CodeFix_landscape-index.webp
Blog post

Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix

Sonar AI CodeFix is a powerful capability that suggests code fixes for issues discovered by our code analysis solutions SonarQube Server and SonarQube Cloud.

Read article >

Top Security Flaws hiding in your code
Blog post

Top Security Flaws hiding in your code right now - and how to fix them

Let's examine the three most common injection attack types—SQL injection, Deserialization Injection, and Logging Injection—and discuss ways to prevent them.

Read article >