Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.
Protecting your AI code: How SonarQube defends against the "Rules File Backdoor"
This case highlights an issue where configuration files were manipulated through hidden Unicode characters, which is a vector now commonly referred to as the "Rules File Backdoor".
Read article >
Java 22: Leverage unnamed variables and patterns
Java 22 introduces several new language features but there��’s one particularly important. This article shows you how to leverage the Unnamed variables and patterns with simple examples.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Cómo SonarQube facilita el cumplimiento de DORA para las instituciones financieras
El sector de servicios financieros se encuentra en un momento crítico. Con la Ley de Resiliencia Operativa Digital (DORA) ya plenamente vigente en toda la Unión Europea, las instituciones financieras deben demostrar sólidas capacidades de ciberseguridad y resiliencia operativa.
Leer artículo >
Tame technical debt with insights from The State of Code: Maintainability report
Tame technical debt with insights from The State of Code: Maintainability report
Read article >
Securing Kotlin Apps With SonarQube: Real-World Examples
Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.
Read article >
The biggest security risks unveiled in The State of Code: Security report
The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.
Read article >
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privilege escalation vulnerability.
Read article >
The State of Code: Introducing Sonar’s new code quality report series
Sonar's new report series analyzes 7.9B lines of code to reveal the most common issues and how to fix them.
Read article >
Day in the Life: What Being a Sonar Support Engineer Looks Like
What does a Support Engineer do and how could it ever be interesting? In our first "Day in the Life" series, Support Engineer Joe Tingsanchali shares what it's like in this role and what he's learned.
Read Blog >
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.
Read article >
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of the series, we will see how attackers can get the first foothold within an organization.
Read article >