Sonar's latest blog posts

Featured Post

The future is AC/DC: the Agent Centric Development Cycle

The era of Continuous Integration, with its familiar processes and workflows, is rapidly coming to an end. Traditional CI relies on developers making small, frequent, iterative commits. Today, the “continuous” part is changing.

Why technical debt is still your team's biggest productivity drain

Technical debt slows development and increases risk. Learn what causes it, how AI impacts it, and how to manage it for better software quality.


Arbitrary code execution and Claude Code CLI: How Claude executed code before you click 'trust'

We discovered different ways an untrusted folder can execute arbitrary code in Claude Code before the user is prompted with the trust dialog, allowing for potential compromise when cloning untrusted projects!


GPT-5.5’s biggest blind spot: the Java bugs your tests won’t catch

Sonar’s LLM Leaderboard reveals concurrency bugs in AI-generated Java code that pass tests but break in production due to thread timing issues.


When linting is not enough

Is linting enough for AI-generated code? Discover why deep static analysis, control flow, and taint analysis are critical to preventing vulnerabilities and architectural decay in agent-centric development.


Claude Opus 4.7: An evaluation review & metrics benchmarks

Discover how Claude Opus 4.7 cuts code volume by 40% but increases vulnerability risks. See the full technical audit of bugs, complexity, and code smells.
