Featured Post
Uncovering hidden security vulnerabilities with deeper SAST
Security vulnerabilities can be hidden in your third-party dependency code. Uncover them with deeper SAST.
Read more -->
Blog
Featured Post
Security vulnerabilities can be hidden in your third-party dependency code. Uncover them with deeper SAST.
Read more -->Let's dive into what you can do to get more and more of TypeScript's benefits in your JavaScript projects.
Read blog post >
Discover the new features in SonarQube 10.2!
Read article >
The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.
Read article >
Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.
Read article >
Enhancing Static Application Security Testing SAST, leverage benchmarks for tracking our progress.
Read blog post >
Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.
Read article >
The Sonar team of developers are just returning from their trip to Las Vegas where they attended BlackHat USA 2023. If you were not able to make it, here is what you missed.
Read blog post >
What is SAST, what does deeper SAST mean, and how does this apply to your JavaScript and TypeScript applications?
Read blog post >
We dive into the technical details of the vulnerabilities we identified as part of last year's Pwn2Own competition.
Read article >
No C and C++ static analysis does not need to mean difficult configuration and pain. We explain how Sonar has made the impossible possible with one-click analysis for projects hosted in GitHub. A free automatic analysis of C and C++ projects.
Read blog post >
The Sonar team of developers are just returning from their trip to Berlin where they attended WeAreDevelopers 2023. If you were not able to make it, here is what you missed.
Read blog post >
Multiple variants of C++ code-bases at build time are a necessary evil on most projects - even if that's just debug and release. This has always made analysis more complex. But now, with first class support in SonarQube, multiple code variants are easier to analyze and understand.
Read article >