Sonar's latest blog posts

Featured Post

The Coding Personalities of Leading LLMs

Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/7f6e6498-f9d3-4c75-8cb2-16917f0d95c2/LLMs-coding-personalities_featured-blog%402x.webp
Blog post

Cyber Resilience Act: Navigating speed and security with AI-coding

Modern software development is caught between two powerful forces. On one hand, generative artificial intelligence (AI) coding tools are supercharging development velocity at the expense of rigorous security review.

Read article >

Blog post

Java 23: Embrace the new era of code comments

We’ve covered Java 22, and are now getting into Java 23, which introduces several new language features. We’ll focus on enhancing documentation, and how to leverage the new features with simple examples.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog post

What's the top bug in your language? Find out in The State of Code: Languages report

The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.

Read article >

Blog post

How Sonar Helps Achieve a Strong SOC 2 Type II Report

An SOC 2 Type II report is a critical attestation for service organizations, demonstrating their commitment to securely managing customer data over time. Learn how SonarQube can streamline your SOC 2 compliance journey!

Read article >

Blog post

Protecting your AI code: How SonarQube defends against the "Rules File Backdoor"

This case highlights an issue where configuration files were manipulated through hidden Unicode characters, which is a vector now commonly referred to as the "Rules File Backdoor".

Read article >

Blog post

Java 22: Leverage unnamed variables and patterns

Java 22 introduces several new language features but there’s one particularly important. This article shows you how to leverage the Unnamed variables and patterns with simple examples.

Read article >

Blog post

How SonarQube enables DORA compliance for financial institutions

The financial services industry stands at a critical juncture. With the Digital Operational Resilience Act (DORA) now fully in effect across the European Union, financial institutions must demonstrate robust cybersecurity and operational resilience capabilities.

Read article >

Blog post

Tame technical debt with insights from The State of Code: Maintainability report

Tame technical debt with insights from The State of Code: Maintainability report

Read article >

Blog post

Securing Kotlin Apps With SonarQube: Real-World Examples

Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.

Read article >

Blog post

The biggest security risks unveiled in The State of Code: Security report

The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.

Read article >

Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)

In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privilege escalation vulnerability. 

Read article >