Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/0618970f-52b3-4a04-9014-53fee3f88588/spring_boot_coding_pitfalls_blog_index.webp
Blog Post

Spring framework pitfalls

Spring framework offers a lot of help in the development, but we still have to pay attention and make the right use of it in order to avoid some issues.

Read blog post >

 An artistic impression of nested code with a big red cross over the top right corner.
Blog post

Stop nesting ternaries in JavaScript

Nesting ternary operators makes code more complex and less clear. Let's investigate other ways to write conditional expressions.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/f520b31d-6cc5-4f3f-80e4-d85628182c31/costly_consequences_blog_index.webp
Blog post

Unraveling the Costs of Bad Code in Software Development

Not only does bad code cost companies millions of dollars, but countless hours of lost time, productivity, and brand reputation too. By acknowledging the existence of bad code and implementing proactive measures to mitigate its impact, developers and organizations can steer software toward success.

Read blog post >

Image of preventing secrets in code
Blog post

Sonar keeps your secrets from leaking … unlike that "trusted" friend from grade school

What are hard coded secrets? Why do you care if secrets are hidden in your code? How does Sonar help prevent secrets from getting into your code, entering your repository, and leaking out from your CI/CD pipeline? In this post, Product Manager, Alex Gigleux, answers all your questions.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/245aa8f4-4550-4f24-a8a7-304a93f3c0cd/omdia-hero-image.jpeg
Blog post

Sonar is “On the Radar”: New Omdia Report

Omdia — an analyst firm that provides decades of industry experience, world-class research and consultancy, and actionable insights in over 200 markets — has published research about Sonar, our solutions, and recent innovations of deeper SAST and zero-configuration automatic analysis for C/C++. The research digs into why Sonar should be on your radar and also takes a look at the market view as well as from a current positioning.

Read article >

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/7293f25a-1ce5-4395-931d-1e612070ba78/top_issues_in_java_projects_blog_index%20%281%29.webp
Blog Post

Top issues in Java projects

Let's dig into the projects using Java as language and see, according to what SonarLint telemetry shows, that there are still lots of issues that appear in the huge list of analyzed projects.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/c2ae785c-a6a3-410b-a598-5a4010559f0b/vs_code_security_npm_vulnerabilities_blog_index.webp
Blog post

Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)

It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.

Read article >

SonarQube 10.3 Release Announcement Image
Blog post

SonarQube 10.3 Release Announcement

The new SonarQube 10.3 release is out now, including Secrets Detection at the Source, Clean Code Taxonomy & Clean as You Code Updates, Automate Provisioning GitHub Projects and Teams, 2023 CWE Top 25 Report, the Blazor Framework, and Stronger Security.

Read article >

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/ce58b847-3724-4e35-bcfa-1c2a6e17a497/vs_code_security_markdown_vulnerabilities_in_third_party_extensions_blog_index.webp
Blog post

Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.

Read article >

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/5b5ad127-f19d-47a7-afdd-9d303324e829/c_sast_benchmarks_blog_index.webp
Blog post

Sonar's Scoring on the Top 3 C# SAST Benchmarks

Sonar's Scoring on the Top 3 C# SAST Benchmarks

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/e2fe37e7-55cd-01b0-b5d2-5ad4e116ce31/eda788d6-c636-4492-b70d-da91a829c6d7/vs_code_security_deep_dive_into_your_favorite_editor_blog_index.webp
Blog post

Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers common risks and attack surfaces so you know what to expect when using it.

Read article >