Blog
Sonar's latest blog posts
What Code Issues Caused the CrowdStrike Outage?
This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.
Top Security Flaws hiding in your code right now - and how to fix them
Let's examine the three most common injection attack types—SQL injection, Deserialization Injection, and Logging Injection—and discuss ways to prevent them.
Read article >
How can Sonar help with ISO 27001 compliance?
Security standards such as ISO 27001 are crucial for businesses as they offer a structured framework for managing and safeguarding sensitive information.
Read article >
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
pyspider uses the convenient “basic HTTP authentication” method, but browsers don’t take the extra step to protect users from CSRF attacks. Learn more on how SonarCloud detected 2 vulnerabilities in this open-source project.
Read article >
How to Choose an LLM in Software Development
With so many Large Language Models (LLMs) out there, selecting the right LLM is crucial for any organization looking to integrate AI into its operations.
Read article >
SonarCloud or SonarQube, What's Right for Your Team?
Learn about the similarities and key differences between SonarCloud and SonarQube and which one is best for your use case.
Read Blog post >
[ON DEMAND] Watch Sonar Founder Olivier Gaudin Break Down the Need for and Impact of Clean Code at QCon London 2024
Olivier Gaudin discusses the value of quality, secure code from the start at top industry software conference. Check out his talk!
Read article >
Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire
Modern JavaScript front-end frameworks protect your application from XSS vulnerabilities by automatically escaping untrusted content. This built-in feature can be bypassed intentionally, which should be taken with great care.
Read article >
How Sonar Helps meeting NIST SSDF Code Security Requirements
Sonar’s solutions, including SonarLint, SonarQube, and SonarCloud, help you meet NIST SSDF code security requirements and enhance overall code quality. Find out how.
Read article >
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
Sonar’s R&D team discovered a Cross-Site Scripting vulnerability in Roundcube. Similar vulnerabilities in Roundcube have been used by APTs to steal government emails.
Read article >
Now Introducing, SonarCloud Enterprise and SonarCloud Team
We are excited to expand our SonarCloud offering with the availability of two new plans, SonarCloud Enterprise and SonarCloud Team.
Read article >
What Code Issues Caused the CrowdStrike Outage?
This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.
Read article >