Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.


Modernize Code Quality with ‘Quick Fixes’
Boost your productivity by automatically applying fixes to repair code quality issues in your IDE with SonarQube for IDE.
Read Blog >

Cachet 2.4: Code Execution via Laravel Configuration Injection
We responsibly disclosed three vulnerabilities in the open-source status page Cachet, allowing attackers to take over instances. Here are all the details!
Read Blog >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

Product portals open: we want your input
We've recently opened up product portals on Productboard. You'll find them for SonarQube Server, SonarQube Cloud, and SonarQube for IDE. Each one shows the features we're currently working on, the ones we've released recently, and the ones we're planning.
Read Blog >

Ghost CMS 4.3.2 - Cross-Origin Admin Takeover
We recently discovered an XSS vulnerability in the admin frontend of Ghost CMS 4.3.2. Find out the details and learn how to avoid such issues in your code!
Read Blog >

Compilation database: An alternative way to configure your C or C++ analysis
Analyzing your C or C++ code requires, in addition to the source code, the configuration that is used to build the code. Historically we have provided a tool to automate the extraction of this information, called the build wrapper. Recently we introduced another way to configure your analysis, the compilation database. Learn more about the pros and cons of each option.
Read Blog >

elFinder - A Case Study of Web File Manager Vulnerabilities
Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.
Read Blog >

Use 3rd-party plugins at your own risk
If you're using 3rd-party plugins for SonarQube Server, you're obviously already aware of the benefits. With this blog post, we want to make sure you're also aware of the risks. Because there are risks.
Read Blog >

Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Learn how developers can safeguard their cloud 'secrets' from publicly leaking and take charge of their Code Security with SonarQube for IDE.
Read Blog >

How Clean Code Practices Help You Retain Your Development Talent
It can be challenging to maintain good coding vibes when your team or company often prioritizes feature delivery over code quality. If your developers are never allowed the time to work on new and exciting things they may eventually find somewhere else to bring their coding talents to.
Read Blog >

Zimbra 8.8.15 - Webmail Compromise via Email
We discovered critical code issues in Zimbra, a popular enterprise webmail solution, that could lead to a compromise of all emails by an unauthenticated attacker.
Read Blog >

Clean As You Code essentials - What are Quality Profiles and Quality Gates?
Learn how the functionality of Quality Profiles and Quality Gates come together to enable the SonarSource Clean As You Code methodology.
Read Blog >