BLOG
Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
SonarQube Server 10.6 Release Announcement
The 10.6 release of SonarQube Server includes some significant changes, such as autoscaling in Kubernetes, AutoConfig for C and C++ projects, support for running in a FIPS-enforced environment, set rule priority to uphold your coding standards, easy setup of monorepos, monitoring the time it takes to upgrade, and expanded library coverage for AI/ML developers.
Read article >
Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024
ecoCode Challenge Paris represents an opportunity to unite innovation and sustainable coding. As a proud sponsor, we are excited to see how SonarQube Server is empowering developers to prioritize environmental sustainability in their projects.
Read article >
Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages
Our research team discovered two vulnerabilities in mailcow, an email server solution. Attackers could compromise an instance, impersonate users, and steal emails.
Read article >
Integrating SonarQube Cloud with Amazon CodeCatalyst for Code Analysis
Sonar recently announced the integration of SonarQube Cloud with Amazon CodeCatalyst. This blog post guides you through integrating SonarQube Cloud, a cloud-based Clean Code solution, with Amazon CodeCatalyst.
Read blog post >
An Open Letter to Sonar[Qube] Users
Sonar’s new President of Field Operations introduces herself and reiterates the company's continued commitment to enabling organizations to succeed.
Read blog post >
mXSS: The Vulnerability Hiding in Your Code
XSS is a well-known bug class, but a lesser-known yet effective variant called mXSS has emerged over the last couple of years. In this blog, we will cover the fundamentals of this XSS variant and examine how you can protect against it.
Read article >
Sonar Named Leader in G2 Spring Report
We are excited to share that the G2 Spring 2024 reports were recently released, and once again, Sonar has been named the LEADER in Static Code Analysis!
Read article >
Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar
This post delves into an actual Jenkins vulnerability to understand the intricacies of deeper SAST for detecting deeply hidden code vulnerabilities. It illustrates how deeper SAST works and explains its impact on keeping your code clean and free of these serious issues.
Read article >
Parallel Code Security: The Challenge of Concurrency
Parallelism has been around for decades, but it is still a source of critical vulnerabilities nowadays. This blog post details a severe vulnerability in the remote desktop gateway Apache Guacamole, highlighting the security risks of parallelism.
Read article >
Code Interoperability: The Hazards of Technological Variety
The rapid development of different technologies doesn’t come without risks. This blog post details a critical vulnerability in the remote desktop gateway Apache Guacamole, which showcases the challenges of code interoperability.
Read article >
Leveraging SonarQube Server, SonarQube Cloud, and SonarQube for IDE for Effective Shift Left Practices
Speed and quality are no longer trade-offs in the modern software landscape - they're a tightly interwoven dance. That's where the "Shift Left" philosophy comes in, urging us to move critical checks and balances like code quality analysis earlier in the development lifecycle.
Read article >