Sonar's latest blog posts
The future is AC/DC: the Agent Centric Development Cycle
The era of Continuous Integration, with its familiar processes and workflows, is rapidly coming to an end. Traditional CI relies on developers making small, frequent, iterative commits. Today, the “continuous” part is changing.
Category
The intelligent approach to achieve MISRA C++:2023 compliant source code
SonarQube provides an intelligent, high-precision, and integrated solution for development teams to achieve full, friction-free compliance with the MISRA C++:2023 coding standard for C++17 safety-critical applications.
Read article >
Zombie Workflows: A GitHub Actions horror story
Our research team recently discovered an exploitable pattern in GitHub Actions that lets attackers exploit seemingly fixed vulnerabilities.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
The Cloudflare outage and why code quality matters more than ever
This blog post looks at how seemingly small decisions can have massive effects, and the importance of prioritizing code quality to build reliable software.
Read article >
A technical look at SonarSweep for GPT-OSS-20B
This release is not intended to compete with state-of-the-art (SOTA) reasoning models. Instead, it serves as a technical demonstration of how training data quality impacts the quality of a model’s code generation output.
Read article >
Why prioritizing code quality is the fastest way to reduce security risks
The common perception is that a security vulnerability is a rare, complex attack pattern. In reality, the journey of most flaws begins much earlier and much more simply: as a code quality issue. For both developers and security practitioners, understanding this lifecycle is crucial to building secure, reliable, and maintainable software.
Read article >