BLOG
Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator
This blog post explains how taint analysis tracks all data flows in an application’s source code to unveil deeply hidden vulnerabilities and showcases a critical vulnerability in the OpenAPI Generator discovered by SonarQube Cloud.
Read article >
Why Code Security Matters - Even in Hardened Environments
This blog post showcases why fundamental code security is essential for an application despite all hardening measures applied in the underlying infrastructure.
Read article >
Announcing Sonar's Support for Dart: Elevate Your Code Quality
Sonar now supports the Dart programming language
Read article >
SonarQube Server 10.7 Release Announcement
Sonar introduces powerful AI-driven features, expanded support for new and existing languages and frameworks, and deeper security, all to elevate your code quality. These updates bring significant advancements for developers and teams.
Read article >
Building Confidence and Trust in AI-Generated Code
Sonar AI Code Assurance is a robust and streamlined process for validating AI-generated code through a structured and comprehensive analysis.
Read article >
Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix
Sonar AI CodeFix is a powerful capability that suggests code fixes for issues discovered by our code analysis solutions SonarQube Server and SonarQube Cloud.
Read article >
Top Security Flaws hiding in your code right now - and how to fix them
Let's examine the three most common injection attack types—SQL injection, Deserialization Injection, and Logging Injection—and discuss ways to prevent them.
Read article >
How can Sonar help with ISO 27001 compliance?
Security standards such as ISO 27001 are crucial for businesses as they offer a structured framework for managing and safeguarding sensitive information.
Read article >
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
pyspider uses the convenient “basic HTTP authentication” method, but browsers don’t take the extra step to protect users from CSRF attacks. Learn more on how SonarQube Cloud detected 2 vulnerabilities in this open-source project.
Read article >
How to Choose an LLM in Software Development
With so many Large Language Models (LLMs) out there, selecting the right LLM is crucial for any organization looking to integrate AI into its operations.
Read article >
SonarQube Cloud or SonarQube Server, What's Right for Your Team?
Learn about the similarities and key differences between SonarQube Cloud and SonarQube Server and which one is best for your use case.
Read Blog post >