Sonar Logo
Start for Free -->Explore Pricing -->

Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

Uncovering hidden security vulnerabilities with deeper SAST

Security vulnerabilities can be hidden in your third-party dependency code. Uncover them with deeper SAST.

Read more -->
https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/22b2d211-1dae-47d2-a6a1-a733028c3381/redos_attacks_in_javascript_blog_index.webp
Blog post

A comprehensive guide to the dangers of Regular Expressions in JavaScript

A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/77ca6fd8-b2f6-48fb-b993-34ffcfd141a5/openrefine_zip_slip_blog_index.webp
Blog post

Unzipping Dangers: OpenRefine Zip Slip Vulnerability

Extracting archives can be very dangerous. Read more about a critical Zip Slip vulnerability SonarCloud detected in the open-source application OpenRefine.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/dafabf0e-e7da-494e-8dd9-79b36ba68869/java_sast_benchmarks_part_2_blog_index.webp
Blog post

Sonar's Scoring on the Top 3 Java SAST Benchmarks

Enhancing SAST Detection: Sonar's Scoring on the Top 3 Java SAST Benchmarks

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/c98d8cef-13c5-41ae-99a2-5d1dffaa51c9/teamcity_vulnerability_blog_index.webp
Blog post

Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity

Our Vulnerability Research team discovered a critical vulnerability in the popular CI/CD server TeamCity, which attackers could use to steal source code and poison build artifacts.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/bc352588-9c6f-4da9-ad87-305da97379c5/open_source_summit_summary_blog_index.webp
Blog Post

Open Source Summit 2023

Open Source Summit 2023

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/966004b2-df51-4096-b4e1-676024cbd862/cognitive-complexity-guide_hero-index.webp
Blog post

5 Clean Code Tips for Reducing Cognitive Complexity

Understanding how Cognitive Complexity works will help guide you on where to focus your time. This blog dives into how this Sonar-exclusive metric was formulated to accurately measure the relative understandability of methods.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/e36b96c9-2703-4d5c-9fe2-bc821c5eaaee/stealing_with_style_tutanota_blog_index_v2.webp
Blog post

Remote Code Execution in Tutanota Desktop due to Code Flaw

Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers an XSS vulnerability in Tutanota Desktop and how it can be prevented.

Read article >

Java JDK 21 LTS features
Blog post

The new JDK LTS is out! Long live JDK 21! Well, for the next 8 years.

Let's check what the new Java JDK21 LTS brings

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/4289fda4-078a-471e-8279-a4f2aec97ef0/enhancing_software_dev_through_sq_blog_feature.webp
Blog post

Enhancing Software Development Practices through SonarQube: A Path to Continuous Learning

With SonarQube, organizations can readily deploy workflows integrated directly into their pipelines to build on their teams’ skill sets and create resiliency to new risks.

Read article >

Get the benefits of TypeScript without writing TypeScript
Blog post

Typing your JavaScript without writing TypeScript

TypeScript already understands JavaScript, but you can get more out of it when you add types to your JavaScript with JSDoc or TypeScript declaration files

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/335fcf6a-370b-44cf-b1c0-70a0943d9c66/stealing_with_style_skiff_blog_index_v3.webp
Blog post

Code Vulnerabilities Put Skiff Emails at Risk

Our Research team discovered critical code vulnerabilities in Proton Mail, Skiff, and Tutanota. This post covers the technical details of the XSS vulnerability in Skiff.

Read article >

https://assets-eu-01.kc-usercontent.com:443/6cc4ce1e-8db0-0171-a6b3-352aa24017de/d2904482-a417-4538-a97a-71dd20e227b0/security_guy_tv_interview_blog_index.webp
Blog post

Security Guy TV Interview - Going Deeper with SAST and Clean Code

Sonar CEO, Olivier Gaudin, and Head of Research and Development, Johannes Dahse, meet with Security Guy TV’s Chuck Harold to discuss deeper SAST and the importance of Clean Code.

Read article >

Go to SonarSource homepage
Sonar Logo
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2023, SonarSource S.A, Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.