BLOG
Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress
Enhancing Static Application Security Testing SAST, leverage benchmarks for tracking our progress.
Read blog post >
Playing Dominos with Moodle's Security (1/2)
Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.
Read article >
BlackHat 2023: Hackers, Casinos, and an Exciting Announcement
The Sonar team of developers are just returning from their trip to Las Vegas where they attended BlackHat USA 2023. If you were not able to make it, here is what you missed.
Read blog post >
What is deeper SAST in JavaScript?
What is SAST, what does deeper SAST mean, and how does this apply to your JavaScript and TypeScript applications?
Read blog post >
Patches, Collisions, and Root Shells: A Pwn2Own Adventure
We dive into the technical details of the vulnerabilities we identified as part of last year's Pwn2Own competition.
Read article >
No, C++ static analysis does not have to be painful
No C and C++ static analysis does not need to mean difficult configuration and pain. We explain how Sonar has made the impossible possible with one-click analysis for projects hosted in GitHub. A free automatic analysis of C and C++ projects.
Read blog post >
WeAreDevelopers 2023 - what did you miss?
The Sonar team of developers are just returning from their trip to Berlin where they attended WeAreDevelopers 2023. If you were not able to make it, here is what you missed.
Read blog post >
Working with Multiple Code Variants in C++
Multiple variants of C++ code-bases at build time are a necessary evil on most projects - even if that's just debug and release. This has always made analysis more complex. But now, with first class support in SonarQube Server, multiple code variants are easier to analyze and understand.
Read article >
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State
Unexpected application states are often overlooked and can introduce severe security vulnerabilities. Read more about this real-world example.
Read article >
New Research from Sonar on Cost of Technical Debt
New original research from Sonar puts a spotlight on the millions of dollars that businesses lose when they fail to implement an optimal approach for software development.
Read Blog post >
How I started my career as a developer
Interviews with Sonar’s Developer Advocates on their careers and what Clean Code means to them.
Read article >