Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/b1ac63b6-1e65-01f4-6f38-e97c0e9214a1/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
Image shows various elements of code security, languages and bugs
Blog post

WordPress 5.8.2 Stored XSS Vulnerability

We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.

Read Blog post >

Vulnerability Research Highlights 2021
Blog post

Vulnerability Research Highlights 2021

Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarLint, SonarQube and SonarClou...
Blog post

Modernizing your code with C++20

C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarLint, SonarQube and SonarCloud can help us modernize our code to take advantage of some of the new features.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

NodeBB 1.18.4 - Remote Code Execution With One Shot

We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!

Read Blog post >

Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!
Blog post

Code Security Advent Calendar 2021

Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!

Read Blog post >

In this blog post, we share 10 security pitfalls for Python developers that we encountered in real-world projects.
Blog post

10 Unknown Security Pitfalls for Python

In this blog post, we share 10 security pitfalls for Python developers that we encountered in real-world projects.

Read Blog post >

We discovered 3 more code vulnerabilities in the popular GoCD CI/CD system that can be chained by attackers to leak or modify internal code. Learn more in this blog post.
Blog post

Agent 008: Chaining Vulnerabilities to Compromise GoCD

We discovered 3 more code vulnerabilities in the popular GoCD CI/CD system that can be chained by attackers to leak or modify internal code. Learn more in this blog post.

Read Blog post >

Check out the details of a Cross-Site Scripting bug in the BBCode processing in SmartStoreNET and how it can be chained into arbitrary code execution!
Blog post

SmartStoreNET - Malicious Message leading to E-Commerce Takeover

Check out the details of a Cross-Site Scripting bug in the BBCode processing in SmartStoreNET and how it can be chained into arbitrary code execution!

Read Blog post >

We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers
Blog post

Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD

We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/b1ac63b6-1e65-01f4-6f38-e97c0e9214a1/e289de40-8bea-42be-b6e4-7171f08e246d/Meet%20the%20New%20Project%20Experience_blog%20header.png
Blog post

Meet the new project experience for SonarCloud

We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud.

Read Blog post >

We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.
Blog post

Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services

We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.

Read Blog post >