Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (2/2)
In this second part, we delve into JumpServer's code execution vulnerabilities we discovered, and understand their root causes. Learn the importance of threat modeling and adherence to best practices can safeguard your own applications.
Read article >
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (1/2)
Bastion host offers a centralized point of access and control to an internal network, but what happens when this gateway itself is compromised? In this blog series, we will dive into vulnerabilities we found in JumpServer.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Announcing SonarQube Advanced Security
SonarQube Advanced Security includes Software Composition Analysis (SCA) and advanced Static Application Security Testing (SAST) extending SonarQube's core security capability.
Read article >
Beware the Cookie Monster: Cyberhaven Extension Vulnerability Allowed Cookie Theft
We discovered a vulnerability in Cyberhaven's browser extension that allowed attackers to steal arbitrary cookies from their victims.
Read article >
8 Reasons to Try SonarQube Free Tier
SonarQube Cloud Free tier offers more features that make it a viable alternative to SonarQube Community Build, including pull request analysis, enhanced security, and support for more programming languages. It also provides a maintenance-free experience and seamless DevOps integration. Read on to find out more.
Read article >
SonarQube Server Wins DEVIES Award for Code Testing & Quality Management
SonarQube Server has been honored with a 2025 DEVIES Award, recognizing its commitment to delivering a top-tier code quality and security solution for developers and organizations worldwide.
Read article >
Auto-Detect and Review AI-Generated Code from GitHub Copilot
Sonar can help you keep your AI-generated code from GitHub Copilot up to snuff - here’s how!
Read article >
Sonar Earns SOC 2 Type II Compliance
Sonar achieves SOC 2 Type II compliance, reflecting its dedication to protecting customer data and ensuring the integrity of its operations now and in the future.
Read article >
The AI Revolution in Software Development: A New Era for Developers
What does the future of software development look like? Sonar's Harry Wang, VP of Growth & New Ventures, shares his expert insights.
Read article >
9 More Reasons to Upgrade to SonarQube Server 2025.1 LTA
A new Long-Term Active (LTA) version of SonarQube Server represents a significant amount of work. Since the last LTA release (version 9.9 in February 2023), thousands of development tickets have been merged into SonarQube Server and its underlying components. This includes new features, improvements to existing functionalities, and bug fixes.
Read article >
Enhancing Team Code Reviews with AI-Generated Code
Team Code reviews are essential to the development process. They ensure that the code meets the required standards before being merged into the main branch. Tools like SonarQube are key to making the reviews productive and valuable.
Read article >