Sonar Blog

Home

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/48205ef7-d320-4bfd-8189-347899151b94/The%20Tainted%20Voyage_landscape-index.png
Blog post

The Tainted Voyage: Uncovering Voyager's Vulnerabilities

SonarQube Cloud detected an arbitrary file upload in Voyager, tracked as CVE-2024-55417. When combined with other vulnerabilities our research team found, attackers can execute arbitrary code on the server if an authenticated user clicks on a link.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/0fbfcf02-dc88-4363-af1f-266bd828aa34/LTA_Blog%20Index.webp
Blog post

SonarQube Server 2025.1 LTA Release Announcement

The new SonarQube Server LTA release is as value-packed as ever. Look forward to high-impact AI capabilities, more secure code at every angle, supercharged developer productivity, and even better enterprise and operational capabilities. As always, there's something for everyone with the LTA!

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/df2679b4-3cb6-43e6-913a-2b19a3727b71/sq_ide_2024_highlights_landscape_index.webp
Blog post

SonarQube for IDE: Our journey this year, and sneak peek into 2025

Reviewing the enhancements delivered by the SonarQube for IDE team for developers during 2024. Focusing on streamlining the UX for teams, harnessing the power of SonarQube Server and Cloud through connected mode into your IDE, and making it even easier to focus on new code.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/a1f38bdc-15bd-4852-aa89-218ca4a8502d/vulnerability_research_highlights_2024_blog_featured.webp
Blog post

Vulnerability Research Highlights 2024

Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2024.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/d292ee07-6cc3-46d7-99eb-33726ed07243/2025%20Leadership%20Predictions_Blog-landscape.png
Blog post

Software and AI in 2025 — Sonar Perspectives on What’s to Come in the New Year

Several Sonar leaders share their perspectives on what to expect in 2025 with AI and software development.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/544521e4-2ddb-4e6e-850b-099dbd4a3569/Never%20Underestimate%20CSRF_Index.png
Blog post

Never Underestimate CSRF: Why Origin Reflection is a Bad Idea

CORS misconfigurations are often overlooked, but they can have severe consequences. We demonstrate how reflecting the origin header leads to code execution in Whistle.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/a246cb23-8c0b-4aeb-b402-ba74c0ffdb82/sq_cloud_blog_landscape_2x.webp
Blog post

The new SonarQube Free tier is here - get started today!

Announcing a new free tier of SonarQube, hosted in the cloud. This tier goes beyond our current community offering and gives individual developers and small teams many of the features of our commercial SonarQube offering.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/74fb89d5-e86a-4482-870a-02a9155d0a80/sq_10_8_blog_index.webp
Blog post

SonarQube Server 10.8 Release Announcement

This release includes stronger AI Code Assurance and AI CodeFix capabilities. Choose from two new operating modes to run the server in a way that best suits your business needs. Exciting things continue to happen with our language support, like new architecture rules, support for Ansible IaC, and full support of our Dart/Flutter coverage. Find out what’s in store for you.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/fdf8d109-3435-4ff2-a916-0ddec15cdd24/SQ%20License%20and%20Community%20Build%20Changes_Blog-landscape.png
Blog post

A better (free) SonarQube experience

Announcing a new free tier of SonarQube, hosted in the cloud. This tier goes beyond our current community offering and gives individual developers and small teams many of the features of our commercial SonarQube offering.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/0ad75364-8aff-4ef1-85d6-4a19af328ef0/trust_ai_contributions_blog_index.webp
Blog post

How to trust AI contributions to your codebase

In a world where AI generates code, code ownership and trust become increasingly obscure. Many enterprises already find this situation untenable, and they are looking for ways to solve it. But where do you start?

Read article >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/400c9c80-4638-4e7e-995b-7265dff7fdda/Our%20commitment%20to%20you_Blog_Landscape%402x.png
Blog post

Our commitment to you – and an update on severity ratings for software quality

The speed of software development and product delivery is increasing for organizations everywhere – including here at Sonar. In this blog, we decided to put our guiding engineering principles in writing and share them with you.

Read article >