Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/06782311-1caf-013c-e622-aa7e808aa21d/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
Regular expressions are a concise and powerful tool for processing text. However, they also come with a steep learning curve and plenty of opportunities to make mistakes. This is the firs...
Blog post

Regular expressions present challenges even for not-so-regular developers

Regular expressions are a concise and powerful tool for processing text. However, they also come with a steep learning curve and plenty of opportunities to make mistakes. This is the first in a series of posts about some specific regex pitfalls.

Read Blog post >

Hey SonarQube and SonarCloud users! You now have a tool to own Code Security! 

SonarSource has been hard at work for the last year to give you the tooling to review and improve your code...
Blog post

Code security: now there's a tool for developers

Hey SonarQube and SonarCloud users! You now have a tool to own Code Security!  SonarSource has been hard at work for the last year to give you the tooling to review and improve your code security. We're glad to say that today you have at your fingertips  unmatched precision and performance in SAST (Static Application Security Testing) analysis for five languages and counting.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

It's time to have some December fun! We have 24 little challenge gifts awaiting you that hide security vulnerabilities in real-world Java, C#, PHP and Python code. Can you spot the vulner...
Blog post

Code Security Advent Calendar 2020

It's time to have some December fun! We have 24 little challenge gifts awaiting you that hide security vulnerabilities in real-world Java, C#, PHP and Python code. Can you spot the vulnerability?

Read Blog post >

SonarQube Developer Edition overlays Code Quality and Security™ right onto your projects. Your pull requests are automatically analyzed and decorated with a clear Go/No Go Quality Gate so...
Blog post

Make Code Quality & Security™ an integral part of your workflow

SonarQube Developer Edition overlays Code Quality and Security™ right onto your projects. Your pull requests are automatically analyzed and decorated with a clear Go/No Go Quality Gate so you only merge clean, quality code! 👏

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/06782311-1caf-013c-e622-aa7e808aa21d/4849fcf9-8702-4539-b821-90b05d8000e2/cover-bcb5e9ca-8c91-4adb-aa9c-4d334973af01_SC_python_blog.png
Blog post

How SonarCloud finds bugs in high-quality Python projects

As developers, there always comes a time when we find a bug in production and wonder how it passed all our quality checks. Let's go over a few Bugs we found with SonarCloud and see why it is able to detect them when popular linters don't .

Read Blog post >

OpenEMR is the most popular open source software for electronic health record and medical practice management. It is used world-wide to manage sensitive patient data, including informatio...
Blog post

Code vulnerabilities put health records at risk

Recently, we discovered several code vulnerabilities in OpenEMR 5.0.2.1. A combination of these vulnerabilities allowed remote attackers to execute arbitrary system commands on any OpenEMR server that uses the Patient Portal component. This can lead to the compromise of sensitive patient data, or worse, to a compromise of critical infrastructure.

Read Blog post >

Security is an eternal race between the techniques and technologies of attackers and those of the defenders. Today, I'm proud to announce a step forward for defenders with a new rule to d...
Blog post

Winning the race against TOCTOU vulnerabilities in C & C++

Security is an eternal race between the techniques and technologies of attackers and those of the defenders. Today, I'm proud to announce a step forward for defenders with a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long-form as Time Of Check (to) Time Of Use. 

Read Blog post >

Take a tour of SonarCloud's integration with mono-repositories in GitHub and Azure DevOps Services. This new feature allows you to define multiple Quality Gates per project and receive mu...
Blog post

Mono-repository support for GitHub and Azure DevOps Services available now!

Take a tour of SonarCloud's integration with mono-repositories in GitHub and Azure DevOps Services. This new feature allows you to define multiple Quality Gates per project and receive multiple results in your pull requests.

Read Blog post >

How code vulnerabilities in your web application can be the single point of failure for your IT infrastructure’s security.
Blog post

Pandora FMS 742: Critical Code Vulnerabilities Explained

How code vulnerabilities in your web application can be the single point of failure for your IT infrastructure’s security.

Read Blog post >

When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easie...
Blog post

False positives are our enemies, but may still be your friends

When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easier than fixing it. Learn how the different types of rules give rise to different types of false positives, which ones are easier to fix than others, and how you can help.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Codoforum 4.8.7: Critical Code Vulnerabilities Explained

We analyze the root cause of three critical security vulnerabilities that enabled a complete board take over, and how to correctly prevent these in your code.

Read Blog post >