Sonar Blog

Home

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
Image of preventing secrets in code
Blog post

Sonar keeps your secrets from leaking … unlike that "trusted" friend from grade school

What are hard coded secrets? Why do you care if secrets are hidden in your code? How does Sonar help prevent secrets from getting into your code, entering your repository, and leaking out from your CI/CD pipeline? In this post, Product Manager, Alex Gigleux, answers all your questions.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/245aa8f4-4550-4f24-a8a7-304a93f3c0cd/omdia-hero-image.jpeg
Blog post

Sonar is “On the Radar”: New Omdia Report

Omdia — an analyst firm that provides decades of industry experience, world-class research and consultancy, and actionable insights in over 200 markets — has published research about Sonar, our solutions, and recent innovations of deeper SAST and zero-configuration automatic analysis for C/C++. The research digs into why Sonar should be on your radar and also takes a look at the market view as well as from a current positioning.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/7293f25a-1ce5-4395-931d-1e612070ba78/top_issues_in_java_projects_blog_index%20%281%29.webp
Blog Post

Top issues in Java projects

Let's dig into the projects using Java as language and see, according to what SonarQube for IDE telemetry shows, that there are still lots of issues that appear in the huge list of analyzed projects.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/c2ae785c-a6a3-410b-a598-5a4010559f0b/vs_code_security_npm_vulnerabilities_blog_index.webp
Blog post

Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)

It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.

Read article >

SonarQube 10.3 Release Announcement Image
Blog post

SonarQube Server 10.3 Release Announcement

The new SonarQube Server 10.3 release is out now, including Secrets Detection at the Source, Clean Code Taxonomy & Clean as You Code Updates, Automate Provisioning GitHub Projects and Teams, 2023 CWE Top 25 Report, the Blazor Framework, and Stronger Security.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/ce58b847-3724-4e35-bcfa-1c2a6e17a497/vs_code_security_markdown_vulnerabilities_in_third_party_extensions_blog_index.webp
Blog post

Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/5b5ad127-f19d-47a7-afdd-9d303324e829/c_sast_benchmarks_blog_index.webp
Blog post

Sonar's Scoring on the Top 3 C# SAST Benchmarks

Sonar's Scoring on the Top 3 C# SAST Benchmarks

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/eda788d6-c636-4492-b70d-da91a829c6d7/vs_code_security_deep_dive_into_your_favorite_editor_blog_index.webp
Blog post

Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers common risks and attack surfaces so you know what to expect when using it.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/62ac0224-8354-433f-b12d-a1ce9383128f/linux_foundation_chat_blog_index.webp
Blog post

Linux Foundation Chat: Open Source & Clean Code

Linux Foundation Executive Director Jim Zemlin joins Sonar Founder and co-CEO Olivier Gaudin to discuss Clean Code, open-source development, cybersecurity, and more!

Read article >

get the most out of your sonarcloud trial blog feature
Blog post

9 Steps to get the most out of your SonarQube Cloud Trial

To maximize the benefits of your SonarQube Cloud trial, it's essential to approach the trial with a clear plan. Start a 14-day trial for your private projects & repositories completely free to get all the features of the application that you can get as a paid subscription.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6312d6a8-faef-0175-9d92-e94376ab3538/a2b0b9e4-30f0-4183-80c0-8dd86152a324/shifting_right_for_secure_platforms_and_devops_blog_index.webp
Blog post

Shifting Right for Secure Platforms and DevOps

Dev tooling is not only helping shift issues left, but the tools also help identify issues that happen later, or to the right, in the development lifecycle. Like detecting secrets before they go into production or platform configuration issues.

Read article >