Blog
Sonar's latest blog posts
What Code Issues Caused the CrowdStrike Outage?
This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.
Remote Code Execution in Melis Platform
We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its exploitability.
Read Blog post >
Bad code costs more than just your money
Bad code doesn’t just disappear and the consequences of overlooking it can be costly.
Read Blog post >
The Rules of Three, Five and Zero
The Rule of Three was coined back in 1991. That expanded to the Rule of Five with C++11's move semantics - and even that was then subsumed by The Rule of Zero. But what are all these rules? And do we have to follow them?
Read Blog post >
Five SonarCloud features for developers that want Clean Code
Whether you’re working on a new project or an existing one, you might think of Clean Code as an ideal, somewhere far out of reach. Let’s go over 5 key features that make SonarCloud the perfect tool for developers and development teams to deliver Clean Code consistently and efficiently, without disrupting the existing development workflow.
Read Blog post >
Securing Developer Tools: A New Supply Chain Attack on PHP
What is your worst supply chain nightmare and why is it somebody that could take over all the PHP packages at once? Let's deep dive into how we could demonstrate it!
Read Blog post >
Our journey toward accessibility
When you think about your typical workday, how much time do you spend working on a computer? How hard would it be for you to perform your job if you did not have access to a computer?
Read Blog post >
Securing Developer Tools: OneDev Remote Code Execution
We recently discovered several vulnerabilities in OneDev 7.2.9 that allowed attackers to fully compromise a server and even break out of a Docker environment.
Read Blog post >
Interview with a SonarSource Developer
Curious about life as a Developer at SonarSource? Join us as we discuss changes in the world of programming, the importance of Security, and writing code with SonarCloud Backend Developer Claire Villard.
Read Blog post >
The Power of Clean Code
Clean Code—a term you may have casually used or heard before but may not have synthesized or internalized its true essence. In this post, learn what Clean Code is and why it matters.
Read Blog post >
WordPress Core - Unauthenticated Blind SSRF
Our security researchers were surprised to discover a low-hanging code vulnerability in WordPress Core that we will discuss in this blog post.
Read Blog post >
You’re 3 minutes away from clean Java pull requests!
In this blog, we demonstrate how you can get started with SonarCloud in less than 3 minutes and ensure all new Java pull requests are clean, every time.
Read Blog post >