Blog
Sonar's latest blog posts
What is Clean Code?
If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.
But what is Clean Code, and what does it encompass?
2024 Security Predictions from the Sonar Research Team
Reflecting on changes in the industry over the past year, as well as the research we’ve published, the Sonar Vulnerability Research team came together and compiled our thoughts on what we foresee for cybersecurity in 2024.
Read Blog post >
Sonar @ Black Hat Europe!
Last week, several SonarSourcers traveled to London to attend our third Black Hat event of the year. Here's what happened!
Read article >
pfSense Security: Sensing Code Vulnerabilities with SonarCloud
Our Clean Code solution SonarCloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarCloud found them and how it can keep your code clean.
Read blog post >
Stop nesting ternaries in JavaScript
Nesting ternary operators makes code more complex and less clear. Let's investigate other ways to write conditional expressions.
Read article >
Unraveling the Costs of Bad Code in Software Development
Not only does bad code cost companies millions of dollars, but countless hours of lost time, productivity, and brand reputation too. By acknowledging the existence of bad code and implementing proactive measures to mitigate its impact, developers and organizations can steer software toward success.
Read blog post >
Sonar keeps your secrets from leaking … unlike that "trusted" friend from grade school
What are hard coded secrets? Why do you care if secrets are hidden in your code? How does Sonar help prevent secrets from getting into your code, entering your repository, and leaking out from your CI/CD pipeline? In this post, Product Manager, Alex Gigleux, answers all your questions.
Read blog post >
Sonar is “On the Radar”: New Omdia Report
Omdia — an analyst firm that provides decades of industry experience, world-class research and consultancy, and actionable insights in over 200 markets — has published research about Sonar, our solutions, and recent innovations of deeper SAST and zero-configuration automatic analysis for C/C++. The research digs into why Sonar should be on your radar and also takes a look at the market view as well as from a current positioning.
Read article >
Top issues in Java projects
Let's dig into the projects using Java as language and see, according to what SonarLint telemetry shows, that there are still lots of issues that appear in the huge list of analyzed projects.
Read blog post >
Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)
It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.
Read article >
SonarQube 10.3 Release Announcement
The new SonarQube 10.3 release is out now, including Secrets Detection at the Source, Clean Code Taxonomy & Clean as You Code Updates, Automate Provisioning GitHub Projects and Teams, 2023 CWE Top 25 Report, the Blazor Framework, and Stronger Security.
Read article >
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)
We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.
Read article >