Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/c56ed450-f769-40eb-b035-341c90716c4d/gogs_vulnerability_square.webp
Blog post

Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2)

We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/767c21ed-a3e7-4277-b38b-ca6a02b63fd7/Cost%20of%20Bad%20Code_Landscape_Blog-Header.png
Blog post

The True Cost of Bad Code in Software Development

Despite advances in technology and methodologies, the costs associated with fixing bad code continue to escalate, impacting businesses financially and operationally. But what is bad code, what are the clear markers of its negative impact, and how can organizations overcome it?

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

SonarQube 10.6 logo
Blog post

SonarQube 10.6 Release Announcement

The 10.6 release of SonarQube includes some significant changes, such as autoscaling in Kubernetes, AutoConfig for C and C++ projects, support for running in a FIPS-enforced environment, set rule priority to uphold your coding standards, easy setup of monorepos, monitoring the time it takes to upgrade, and expanded library coverage for AI/ML developers.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/21b7a818-f820-4ea1-b883-36e1da9b4762/green_code_with_clean_code_blog_index.webp
Blog post

Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024

ecoCode Challenge Paris represents an opportunity to unite innovation and sustainable coding. As a proud sponsor, we are excited to see how SonarQube is empowering developers to prioritize environmental sustainability in their projects.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/4b5946e5-53c0-4c7e-86c5-76520675cac8/mailcow_vulnerabilities_blog_index.webp
Blog post

Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages

Our research team discovered two vulnerabilities in mailcow, an email server solution. Attackers could compromise an instance, impersonate users, and steal emails.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/e84165bf-fa7c-4813-91f6-c72aa4fac5d8/sonarcloud_codecatalyst_integration_blog_index.webp
Blog post

Integrating SonarCloud with Amazon CodeCatalyst for Code Analysis

Sonar recently announced the integration of SonarCloud with Amazon CodeCatalyst. This blog post guides you through integrating SonarCloud, a cloud-based Clean Code solution, with Amazon CodeCatalyst.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/7dd61237-88ff-4c96-aa5b-7755f58e36eb/open_letter_blog_index.webp
Blog post

An Open Letter to Sonar[Qube] Users

Sonar’s new President of Field Operations introduces herself and reiterates the company's continued commitment to enabling organizations to succeed.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/509db3a7-da2d-4fe4-8c4f-9caadf18d00f/mxss_blog_index.webp
Blog post

mXSS: The Vulnerability Hiding in Your Code

XSS is a well-known bug class, but a lesser-known yet effective variant called mXSS has emerged over the last couple of years. In this blog, we will cover the fundamentals of this XSS variant and examine how you can protect against it.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/a25833eb-d9b7-47d8-9c18-d2c362dd604d/g2_2024_blog_index.webp
Blog post

Sonar Named Leader in G2 Spring Report

We are excited to share that the G2 Spring 2024 reports were recently released, and once again, Sonar has been named the LEADER in Static Code Analysis!

Read article >

Image of deeper SAST by Sonar
Blog post

Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar

This post delves into an actual Jenkins vulnerability to understand the intricacies of deeper SAST for detecting deeply hidden code vulnerabilities. It illustrates how deeper SAST works and explains its impact on keeping your code clean and free of these serious issues.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/4ad4479c-ecb6-4bad-8522-a6f058ab0ae5/parallel_code_security_blog_index.webp
Blog post

Parallel Code Security: The Challenge of Concurrency

Parallelism has been around for decades, but it is still a source of critical vulnerabilities nowadays. This blog post details a severe vulnerability in the remote desktop gateway Apache Guacamole, highlighting the security risks of parallelism.

Read article >