Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image for Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024
Blog post

Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024

ecoCode Challenge Paris represents an opportunity to unite innovation and sustainable coding. As a proud sponsor, we are excited to see how SonarQube Server is empowering developers to prioritize environmental sustainability in their projects.

Read article >

Image for Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages
Blog post

Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages

Our research team discovered two vulnerabilities in mailcow, an email server solution. Attackers could compromise an instance, impersonate users, and steal emails.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for Integrating SonarQube Cloud with Amazon CodeCatalyst for Code Analysis
Blog post

Integrating SonarQube Cloud with Amazon CodeCatalyst for Code Analysis

Sonar recently announced the integration of SonarQube Cloud with Amazon CodeCatalyst. This blog post guides you through integrating SonarQube Cloud, a cloud-based Clean Code solution, with Amazon CodeCatalyst.

Read blog post >

Image for An Open Letter to Sonar[Qube] Users
Blog post

An Open Letter to Sonar[Qube] Users

Sonar’s new President of Field Operations introduces herself and reiterates the company's continued commitment to enabling organizations to succeed.

Read blog post >

Image for mXSS: The Vulnerability Hiding in Your Code
Blog post

mXSS: The Vulnerability Hiding in Your Code

XSS is a well-known bug class, but a lesser-known yet effective variant called mXSS has emerged over the last couple of years. In this blog, we will cover the fundamentals of this XSS variant and examine how you can protect against it.

Read article >

Image of deeper SAST by Sonar
Blog post

Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar

This post delves into an actual Jenkins vulnerability to understand the intricacies of deeper SAST for detecting deeply hidden code vulnerabilities. It illustrates how deeper SAST works and explains its impact on keeping your code clean and free of these serious issues.

Read article >

Image for Parallel Code Security: The Challenge of Concurrency
Blog post

Parallel Code Security: The Challenge of Concurrency

Parallelism has been around for decades, but it is still a source of critical vulnerabilities nowadays. This blog post details a severe vulnerability in the remote desktop gateway Apache Guacamole, highlighting the security risks of parallelism.

Read article >

Image for Code Interoperability: The Hazards of Technological Variety
Blog post

Code Interoperability: The Hazards of Technological Variety

The rapid development of different technologies doesn’t come without risks. This blog post details a critical vulnerability in the remote desktop gateway Apache Guacamole, which showcases the challenges of code interoperability.

Read article >

Image for Leveraging SonarQube Server, SonarQube Cloud, and SonarQube for IDE for Effective Shift Left Practices
Blog post

Leveraging SonarQube Server, SonarQube Cloud, and SonarQube for IDE for Effective Shift Left Practices

Speed and quality are no longer trade-offs in the modern software landscape - they're a tightly interwoven dance. That's where the "Shift Left" philosophy comes in, urging us to move critical checks and balances like code quality analysis earlier in the development lifecycle.

Read article >

Image for Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis
Blog post

Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis

Unit and end-to-end testing are effective in ensuring features and functionality work properly, but what about code quality? How can we ensure that our code is reliable, maintainable, and secure? Enter static code analysis.

Read article >

Image for Legacy Codebases are a DevOps Issue
Blog post

Legacy Codebases are a DevOps Issue

Explore how DevOps principles and practices can transform the challenge of managing legacy code into an opportunity for improvement. This piece outlines actionable strategies for refactoring, the importance of automation, and adopting a 'Clean as You Code' approach to ensure sustainable code quality and efficiency.

Read article >