Blog
Sonar's latest blog posts
What Code Issues Caused the CrowdStrike Outage?
This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.
Java SAST Benchmarks: why you shouldn't trust them blindly
Java SAST Benchmarks: why you shouldn't trust them blindly
Read blog post >
Interview with Sonar Java Enthusiasts
Interview with Sonar Java Enthusiasts
Read blog post >
ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code
Sonar founder and co-CEO, Olivier Gaudin, sits down with ISMG's Tom Field at Black Hat USA 2023 to discuss how development can be improved to avoid security issues.
Read blog post >
Why I’m passionate about Static Analysis and how I helped make it better
Why I’m passionate about Static Analysis and how I helped make it better
Read blog post >
A comprehensive guide to the dangers of Regular Expressions in JavaScript
A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript
Read blog post >
Unzipping Dangers: OpenRefine Zip Slip Vulnerability
Extracting archives can be very dangerous. Read more about a critical Zip Slip vulnerability SonarCloud detected in the open-source application OpenRefine.
Read article >
Sonar's Scoring on the Top 3 Java SAST Benchmarks
Enhancing SAST Detection: Sonar's Scoring on the Top 3 Java SAST Benchmarks
Read blog post >
Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity
Our Vulnerability Research team discovered a critical vulnerability in the popular CI/CD server TeamCity, which attackers could use to steal source code and poison build artifacts.
Read article >
Open Source Summit 2023
Open Source Summit 2023
Read blog post >
5 Clean Code Tips for Reducing Cognitive Complexity
Understanding how Cognitive Complexity works will help guide you on where to focus your time. This blog dives into how this Sonar-exclusive metric was formulated to accurately measure the relative understandability of methods.
Read article >
Remote Code Execution in Tutanota Desktop due to Code Flaw
Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.
Read article >