Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image for Java SAST Benchmarks: why you shouldn't trust them blindly
Blog post

Java SAST Benchmarks: why you shouldn't trust them blindly

Java SAST Benchmarks: why you shouldn't trust them blindly

Read blog post >

Image for Interview with Sonar Java Enthusiasts
Blog post

Interview with Sonar Java Enthusiasts

Interview with Sonar Java Enthusiasts

Read blog post >

Get new blog posts delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for ISMG Interview - Securing Applications, Accelerating DevOps with Code Quality
Blog Post

ISMG Interview - Securing Applications, Accelerating DevOps with Code Quality

Sonar founder and co-CEO, Olivier Gaudin, sits down with ISMG's Tom Field at Black Hat USA 2023 to discuss how development can be improved to avoid security issues.

Read blog post >

Image for Why I’m passionate about Static Analysis and how I helped make it better
Blog post

Why I’m passionate about Static Analysis and how I helped make it better

Why I’m passionate about Static Analysis and how I helped make it better

Read blog post >

Image for A comprehensive guide to the dangers of Regular Expressions in JavaScript
Blog post

A comprehensive guide to the dangers of Regular Expressions in JavaScript

A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript

Read blog post >

Image for Unzipping Dangers: OpenRefine Zip Slip Vulnerability
Blog post

Unzipping Dangers: OpenRefine Zip Slip Vulnerability

Extracting archives can be very dangerous. Read more about a critical Zip Slip vulnerability SonarQube Cloud detected in the open-source application OpenRefine.

Read article >

Sonar's Scoring on the Top 3 Java SAST Benchmarks
Blog post

Sonar's Scoring on the Top 3 Java SAST Benchmarks

Enhancing SAST Detection: Sonar's Scoring on the Top 3 Java SAST Benchmarks

Read blog post >

Image for Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity
Blog post

Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity

Our Vulnerability Research team discovered a critical vulnerability in the popular CI/CD server TeamCity, which attackers could use to steal source code and poison build artifacts.

Read article >

Image for Open Source Summit 2023
Blog Post

Open Source Summit 2023

Open Source Summit 2023

Read blog post >

Image for 5 Code Quality Tips for Reducing Cognitive Complexity
Blog post

5 Code Quality Tips for Reducing Cognitive Complexity

Understanding how Cognitive Complexity works will help guide you on where to focus your time. This blog dives into how this Sonar-exclusive metric was formulated to accurately measure the relative understandability of methods.

Read article >

Image for Remote Code Execution in Tutanota Desktop due to Code Flaw
Blog post

Remote Code Execution in Tutanota Desktop due to Code Flaw

Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.

Read article >