Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/ef593040-b591-0198-9506-ed88b30bc023/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image shows various elements of code security, languages and bugs
Blog post

Apache Kylin 3.0.1 Command Injection Vulnerability

We discovered a severe command injection vulnerability in Apache Kylin that allows malicious users to execute arbitrary OS commands.

Read Blog >

Teams will be joining forces in building best-in-class Static Application Security Testing (SAST) products that help development teams and organizations deliver more secure software.
Blog post

SonarSource acquires RIPS Technologies

Teams will be joining forces in building best-in-class Static Application Security Testing (SAST) products that help development teams and organizations deliver more secure software.

Read Blog >

Get new blog posts delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By clicking “Sign up”, you consent to receive email communications from SonarSource containing blog updates, product news, and other relevant content. We will store and process your personal data for this purpose as described in our Privacy Policy. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us in accordance with the Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Hibernate is among one of the most commonly found database libraries used in Java web applications, shipping with its own query language. This technical post will teach you how to detect ...
Blog post

Exploiting Hibernate Injections

Hibernate is among one of the most commonly found database libraries used in Java web applications, shipping with its own query language. This technical post will teach you how to detect and exploit Hibernates very own vulnerability: The HQL Injection.

Read Blog >

Image for What is 'taint analysis' and why do I care?
Blog post

What is 'taint analysis' and why do I care?

In large systems, finding the bad actors is easier said than done. First you have to find all the places you accept data from users, and then you have to sanitize the data before you use it. The hard part is making sure you've found all the sources of user data and intervened before any kind of use. That's where taint analysis comes in.

Read Blog >

Image for The state of the copyleft license
Blog post

The state of the copyleft license

In this post, I want to go a little deeper into one important type of license: those that require sharing of modifications under certain conditions, often called “copyleft” or “reciprocal” licenses

Read article >

This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress c...
Blog post

WordPress <= 5.2.3: Hardening Bypass

This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress core in versions prior to 5.2.4

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Clean as You Code: How to win at Code Quality without even trying

Analyzing a legacy project can be overwhelming. Learn how to Clean as You Code to make sure that the code you release into production tomorrow is at least as good as - and probably better than! - the code that's in production today.

Read Blog >

Image for Bit Rot: the silent killer
Blog post

Bit Rot: the silent killer

Your code is rotting right now. Every day, each one of your production services, internal tools, and open source libraries decays a little bit.

Read article >

Image for Package management: a brief history
Blog post

Package management: a brief history

Application developers today are used to relying on and pulling in a number of open source libraries to help them focus on the functionality that’s important to their business.

Read article >

Image for The simple magic of package manifests and lockfiles
Blog post

The simple magic of package manifests and lockfiles

If you aren’t using open source components to build your apps, you’re not living in 2019. Our research suggests 92% of professional applications are built using open source.

Read article >

BigTree is a small content management system which does not depend on many frameworks and advertises itself as user friendly and developer ready. In this blog post, we will take a look at...
Blog post

Backend SQL Injection in BigTree CMS 4.4.6

BigTree is a small content management system which does not depend on many frameworks and advertises itself as user friendly and developer ready. In this blog post, we will take a look at a few vulnerabilities we have detected in the codebase of BigTree.

Read Blog >

Go to SonarSource homepage
sonar logo
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin
language switcher
Español (Spanish)
  • Documentación jurídica
  • Centro de confianza

© 2025 SonarSource Sàrl. Todos los derechos reservados.