Sonar Logo
Start for Free -->Explore Pricing -->

Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

Uncovering hidden security vulnerabilities with deeper SAST

Security vulnerabilities can be hidden in your third-party dependency code. Uncover them with deeper SAST.

Read more -->
https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/b8f6faa7-8804-46c3-a94f-282058577aea/Code%20Security%20Advent%20Calendar%202022_Hero.jpg
Blog post

Code Security Advent Calendar 2022

The year is slowly coming to an end and it’s time again to look back and reflect on the great fun and achievements of the year. This is where we would like to thank our community and share a little gift, as we do every December since 2016.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/6506452b-8144-4a65-ac18-a1343a358588/Lesser%20spotted%20React%20mistakes-Zombie%20methods_Hero.jpg
Blog post

Lesser spotted React mistakes: Zombie methods

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting out, the results can be surprising. Part 2.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/6152bf00-b2d0-4f3d-852c-6555194c1119/Doing%20More%20with%20Less%20in%20Uncertain%20Times_Hero%402x.png
Blog post

Doing More with Less in Uncertain Times

Even though efficiency of all work processes is a goal of any business striving for success, it is even more of a challenge given the current economic climate. This bar shifts higher every day.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/8d960daa-e1d0-4e94-b772-0b0a09889b66/Checkmk-Remote%20Code%20Execution_Hero%402x.png
Blog post

Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3)

This last article of the series determines how an attacker can chain two further vulnerabilities to fully take over a Checkmk server.

Read Blog post >

KubeCon and CloudNativeCon North America 2022
Blog post

A Look Back at KubeCon 2022

The Sonar Team had a great time sponsoring KubeCon 2022 in Detroit. Read about our takeaways from the event...

Read Blog post >

The second article of this series outlines how an attacker can leverage the ability to forge arbitrary LQL queries to gain access to the NagVis component.
Blog post

Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)

The second article of this series outlines how an attacker can leverage the ability to forge arbitrary LQL queries to gain access to the NagVis component.

Read Blog post >

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.
Blog post

Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.

Read Blog post >

After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!
Blog post

Beyond the Rules of Three, Five and Zero

After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!

Read Blog post >

Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!
Blog post

Bits from Hexacon 2022

Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!

Read Blog post >

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting ...
Blog post

Lesser spotted React mistakes: Hooked on a feeling

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting out, the results can be surprising.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/91219eab-8901-4331-a736-11e913911084/hero%402x.jpg
Blog post

SonarQube 9.7 is here!

Check out what’s new in SonarQube 9.7 in this quick video.

Read Blog post >

We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its e...
Blog post

Remote Code Execution in Melis Platform

We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its exploitability.

Read Blog post >

Go to SonarSource homepage
Sonar Logo
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2023, SonarSource S.A, Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.