Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/f1052fde-539c-4934-8274-323f48ca2757/highlights_hexacon_2023_blog_index.webp
Blog post

Highlights from Hexacon 2023

Last week, members of our AppSec and Vulnerability Research teams attended the Hexacon in Paris to learn, share, and network. Read more about our highlights.

Read article >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/77ae853a-51ae-474b-b9ab-04e7629ada1d/what_is_clean_code_blog_index.webp
Blog post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do. It feels like in the last couple of years, we finally managed to settle on what we had been looking for from the beginning: Clean Code. But what is Clean Code, and what does it encompass?

Read blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/3f0f356e-ad73-4f7b-8c76-ef2489feb469/Hero.webp
Blog post

Security Vulnerabilities in CasaOS

We recently uncovered two critical code vulnerabilities in the personal cloud system CasaOS. Let's see what we can learn from them.

Read article >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/2f9f9f8c-2c32-4b09-9f3a-544fc9dafbaf/java_sast_benchmark_why_you_shouldnt_trust_them_blindly_blog_index.webp
Blog post

Java SAST Benchmarks: why you shouldn't trust them blindly

Java SAST Benchmarks: why you shouldn't trust them blindly

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/7031f784-ed58-4cbb-9054-5a352e680357/interview_with_java_devs_blog_index.webp
Blog post

Interview with Sonar Java Enthusiasts

Interview with Sonar Java Enthusiasts

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/7fdaf01f-8f86-4022-981e-a4b578ab24a2/ismg_interview_blog_index.webp
Blog Post

ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code

Sonar founder and co-CEO, Olivier Gaudin, sits down with ISMG's Tom Field at Black Hat USA 2023 to discuss how development can be improved to avoid security issues.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/78644db9-2502-475a-ae0b-ee50203bd1bf/cpp_podcast_key_take_aways_blog_index.webp
Blog post

Why I’m passionate about Static Analysis and how I helped make it better

Why I’m passionate about Static Analysis and how I helped make it better

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/22b2d211-1dae-47d2-a6a1-a733028c3381/redos_attacks_in_javascript_blog_index.webp
Blog post

A comprehensive guide to the dangers of Regular Expressions in JavaScript

A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/77ca6fd8-b2f6-48fb-b993-34ffcfd141a5/openrefine_zip_slip_blog_index.webp
Blog post

Unzipping Dangers: OpenRefine Zip Slip Vulnerability

Extracting archives can be very dangerous. Read more about a critical Zip Slip vulnerability SonarCloud detected in the open-source application OpenRefine.

Read article >

Sonar's Scoring on the Top 3 Java SAST Benchmarks
Blog post

Sonar's Scoring on the Top 3 Java SAST Benchmarks

Enhancing SAST Detection: Sonar's Scoring on the Top 3 Java SAST Benchmarks

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/2f74d567-9b00-0192-a4f8-032a70afc052/c98d8cef-13c5-41ae-99a2-5d1dffaa51c9/teamcity_vulnerability_blog_index.webp
Blog post

Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity

Our Vulnerability Research team discovered a critical vulnerability in the popular CI/CD server TeamCity, which attackers could use to steal source code and poison build artifacts.

Read article >