Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.
Blog post

Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/29c1cfd3-6f16-4cf9-8a2f-ab8784b441b4/Sonars%20Analysis%20Performance%20Targets_blog%20header.png
Blog post

Sonar’s analysis performance targets

We've finally defined our own performance goals for analysis - so that we're no longer subjecting ourselves to apples-to-oranges comparisons with tools that may not have the same goals or outcomes. Now, we can clearly state what you can expect from analysis, and how long analysis of a project should take under standardized conditions.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email
Blog post

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

Read Blog post >

We recently discovered two critical vulnerabilities in the IT monitoring dashboard Icinga Web. Let’s review their respective root cause and their patches!
Blog post

Path Traversal Vulnerabilities in Icinga Web

We recently discovered two critical vulnerabilities in the IT monitoring dashboard Icinga Web. Let’s review their respective root cause and their patches!

Read Blog post >

VS Code has been gaining popularity for C and C++ development. We are happy to announce that finally, we will be able to help you write clean C and C++ code in VS Code.
Blog post

A C&C++ tour of SonarLint for VS Code

VS Code has been gaining popularity for C and C++ development. We are happy to announce that finally, we will be able to help you write clean C and C++ code in VS Code.

Read Blog post >

We recently discovered a critical code vulnerability in RainLoop Webmail that allows attackers to steal all emails by sending a malicious mail.
Blog post

RainLoop Webmail - Emails at Risk due to Code Flaw

We recently discovered a critical code vulnerability in RainLoop Webmail that allows attackers to steal all emails by sending a malicious mail.

Read Blog post >

For the second time in a year, we identified critical code vulnerabilities in a central component of the PHP supply chain. Let's dive into it!
Blog post

PHP Supply Chain Attack on PEAR

For the second time in a year, we identified critical code vulnerabilities in a central component of the PHP supply chain. Let's dive into it!

Read Blog post >

The norm for setting up your cloud-native app infrastructure is quickly becoming Infrastructure as Code (IaC). In this blog, we’ll cover how Sonar is the solution for safeguarding your Ia...
Blog post

Clean Your Infrastructure Code with Sonar

The norm for setting up your cloud-native app infrastructure is quickly becoming Infrastructure as Code (IaC). In this blog, we’ll cover how Sonar is the solution for safeguarding your IaC invoked infrastructure.

Read Blog post >

With this series, we present the results of our research on the security of popular developer tools with the goal of making this ecosystem safer: today’s article revisits Git integrations.
Blog post

Securing Developer Tools: Git Integrations

With this series, we present the results of our research on the security of popular developer tools with the goal of making this ecosystem safer: today’s article revisits Git integrations.

Read Blog post >

Yarn, Pip, Composer & friends: Learn about 3 types of vulnerabilities we found in popular package managers that can be used by attackers to target developers.
Blog post

Securing Developer Tools: Package Managers

Yarn, Pip, Composer & friends: Learn about 3 types of vulnerabilities we found in popular package managers that can be used by attackers to target developers.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/611d1510-51a3-45b7-b546-e03bd6da1fbf/5%20Things%20to%20Consider%20in%20Performance%20Comparisons_blog%20header.png
Blog post

5 things to consider in performance comparisons

When talking about static analysis and/or SAST performance comparisons - or really, comparisons of any kind of performance - what criteria do you consider? Maybe it was fast, but what did it accomplish? Here's what you ought to look at when you compare performance.

Read Blog post >