Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
Introducing support for Rust in SonarQube
The popularity of the Rust programming language is growing. Rustaceans have been asking for SonarQube to support Rust and now it's here!
Read article >
MISRA C++:2023 Compliance for Auto Safety and Reliability
MISRA coding guidelines are a standard for automotive and other safety critical systems. SonarQube helps C++ developers deliver MISRA C++:2023 compliant apps with MISRA Compliance Early Access available in SonarQube Server Enterprise and Data Center.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
New! Architecture as Code in SonarQube
Sonar recently introduced new architecture as code functionality in SonarQube. You can now formally define the architecture of your projects and SonarQube will automatically verify when code strays from your defined architecture preventing architectural drift.
Read article >
New Spring framework rules in SonarQube
SonarQube has introduced new rules to improve code quality and enforce best practices in Spring Framework applications. These rules focus on various aspects of Spring development, including event handling, scheduling, data and MVC, caching, dependency injection, and testing.
Read article >
SonarQube Server 2025 Release 2 Announcement
The new SonarQube Server 2025 Release 2 contains significant enhancements across code quality, code security, and issue remediation with AI CodeFix. Read on to learn more about these great new capabilities.
Read article >
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (2/2)
In this second part, we delve into JumpServer's code execution vulnerabilities we discovered, and understand their root causes. Learn the importance of threat modeling and adherence to best practices can safeguard your own applications.
Read article >
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (1/2)
Bastion host offers a centralized point of access and control to an internal network, but what happens when this gateway itself is compromised? In this blog series, we will dive into vulnerabilities we found in JumpServer.
Read article >
Announcing SonarQube Advanced Security
SonarQube Advanced Security includes Software Composition Analysis (SCA) and advanced Static Application Security Testing (SAST) extending SonarQube's core security capability.
Read article >
Beware the Cookie Monster: Cyberhaven Extension Vulnerability Allowed Cookie Theft
We discovered a vulnerability in Cyberhaven's browser extension that allowed attackers to steal arbitrary cookies from their victims.
Read article >
8 Reasons to Try SonarQube Free Tier
SonarQube Cloud Free tier offers more features that make it a viable alternative to SonarQube Community Build, including pull request analysis, enhanced security, and support for more programming languages. It also provides a maintenance-free experience and seamless DevOps integration. Read on to find out more.
Read article >
SonarQube Server Wins DEVIES Award for Code Testing & Quality Management
SonarQube Server has been honored with a 2025 DEVIES Award, recognizing its commitment to delivering a top-tier code quality and security solution for developers and organizations worldwide.
Read article >