Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/0d1d74a2-aeb7-4568-8a04-60c540df4079/code_interoperability_blog_index.webp
Blog post

Code Interoperability: The Hazards of Technological Variety

The rapid development of different technologies doesn’t come without risks. This blog post details a critical vulnerability in the remote desktop gateway Apache Guacamole, which showcases the challenges of code interoperability.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/ec424b18-92f6-4541-9300-b4cbecabe266/shift_left_blog_index.webp
Blog post

Leveraging SonarQube, SonarCloud, and SonarLint for Effective Shift Left Practices

Speed and quality are no longer trade-offs in the modern software landscape - they're a tightly interwoven dance. That's where the "Shift Left" philosophy comes in, urging us to move critical checks and balances like code quality analysis earlier in the development lifecycle.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/13dde10a-3227-42f0-9260-7862f2122ebb/level_up_ci_cd_blog_index.webp
Blog post

Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis

Unit and end-to-end testing are effective in ensuring features and functionality work properly, but what about code quality? How can we ensure that our code is reliable, maintainable, and secure? Enter static code analysis.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/7ed1e8ff-4ee0-4188-a576-26d070db2fe8/legacy_codebases_blog_index.webp
Blog post

Legacy Codebases are a DevOps Issue

Explore how DevOps principles and practices can transform the challenge of managing legacy code into an opportunity for improvement. This piece outlines actionable strategies for refactoring, the importance of automation, and adopting a 'Clean as You Code' approach to ensure sustainable code quality and efficiency.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/6776f57b-4dac-4b9d-8a52-e17cd6053939/sq_10_5_blog_index.webp
Blog post

SonarQube 10.5 Release Announcement

The 10.5 release of SonarQube includes support for Java 21, C++23, and TypeScript 5.4. Secrets detection analysis is faster and deeper SAST coverage has increased. Project onboarding is more simplified for monorepos, Maven, and GitHub Actions. Read on to find out about these and much more.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/8b48b3ee-c446-482c-8c95-ceb0e3221eb7/sourceforge_blog_index.webp
Blog post

Dangerous Import: SourceForge Patches Critical Code Vulnerability

Our Vulnerability Research team discovered a critical code vulnerability in SourceForge, which attackers could have used to poison deployed files and spread malware to millions of users.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/fe0eab56-9d1e-4e28-af32-cf3c66bc4192/ai_generated_code_blog_index.webp
Blog post

AI-Generated Code Demands ‘Trust, But Verify’ Approach to Software Development

Pairing the "trust, but verify" approach with the power of Sonar’s Clean Code solutions enables organizations to be confident that their AI-generated code is high-quality, maintainable, reliable, and secure.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/1819ec3a-30df-49a3-bb52-3ec27a444446/c-sharp_logging_blog_index.webp
Blog post

C# Logging Best Practices with .NET

Are you writing logging code in your app? Logging correctly can be tricky. It is an important part of tracking the progress of your app while running and determining the origin of problems when they arise. In this blog post Denis Troller walks you through common pitfalls and logging best practices when coding in C# with .NET.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/d08b7f02-7fe4-43fa-8cbe-9175e923e26a/apache_dubbo_consumer_risks_blog_index.webp
Blog post

Apache Dubbo Consumer Risks: The Road Not Taken

Explore the lesser-known Apache Dubbo risks that weren’t well documented until now, and delve into the importance of clean code ensuring clarity, maintainability, and comprehensibility.

Read article >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/a9721003-a658-4ae8-a32e-9fdee3a84740/java_21_new_rules_blog_index.webp
Blog Post

Ensuring the right usage of Java 21 new features

Last September 2023 Java 21 was released as the latest LTS (Long Time Support). But taking advantage of the changes and new features, which we are not used to including in our code, can be a tough task. Also, it can lead to improper use or poor uptake, bugs, or basically not taking full advantage of new improvements.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/69c9a58f-4ba6-4c43-be6c-1b5f6d5a4db0/development_speed_and_code_quality_blog_index.webp
Blog post

Technical debt’s impact on development speed and code quality

By acknowledging the impact of technical debt and embracing proactive solutions like Sonar, development teams can mitigate its effects and build software that is resilient, reliable, and scalable.

Read article >