Sonar Blog

Home

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
AI generated code is detected in project
Patches, Collisions, and Root Shells: A Pwn2Own Adventure
Blog post

Patches, Collisions, and Root Shells: A Pwn2Own Adventure

We dive into the technical details of the vulnerabilities we identified as part of last year's Pwn2Own competition.

Read article >

Image for No, C++ static analysis does not have to be painful
Blog post

No, C++ static analysis does not have to be painful

No C and C++ static analysis does not need to mean difficult configuration and pain. We explain how Sonar has made the impossible possible with one-click analysis for projects hosted in GitHub. A free automatic analysis of C and C++ projects.

Read blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for WeAreDevelopers 2023 - what did you miss?
Blog post

WeAreDevelopers 2023 - what did you miss?

The Sonar team of developers are just returning from their trip to Berlin where they attended WeAreDevelopers 2023. If you were not able to make it, here is what you missed.

Read blog post >

Image for Working with Multiple Code Variants in C++
Blog post

Working with Multiple Code Variants in C++

Multiple variants of C++ code-bases at build time are a necessary evil on most projects - even if that's just debug and release. This has always made analysis more complex. But now, with first class support in SonarQube Server, multiple code variants are easier to analyze and understand.

Read article >

Image for the blog A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State
Blog post

A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State

Unexpected application states are often overlooked and can introduce severe security vulnerabilities. Read more about this real-world example.

Read article >

Cover image of research document
Blog post

New Research from Sonar on Cost of Technical Debt

New original research from Sonar puts a spotlight on the millions of dollars that businesses lose when they fail to implement an optimal approach for software development.

Read Blog post >

Phil Nash and Ben Dechrai being interviewed about how they started their careers as developers blog image.
Blog post

How I started my career as a developer

Interviews with Sonar’s Developer Advocates on their careers and what Clean Code means to them.

Read article >

Image for Why SonarQube Server 9.9 LTS is a must-have for PHP Developers
Blog post

Why SonarQube Server 9.9 LTS is a must-have for PHP Developers

PHP analysis gets faster and better with new rules, fixed false-positives, and much more in SonarQube Server 9.9 LTS.

Read article >

Image for TROOPERS 2023 Conference Takeaways
Blog post

TROOPERS 2023 Conference Takeaways

Read about our key takeaways from the TROOPERS 2023 including our favorite talks and overall experience during the two days conference.

Read article >

Image for TyphoonCon 2023 Wrap Up
Blog post

TyphoonCon 2023 Wrap Up

Last week, our Vulnerability Researchers traveled to TyphoonCon 2023 in Seoul to present their talk "Patches, collisions and root shells: a Pwn2Own Adventure".

Read article >

Image for Why ORMs and Prepared Statements Can't (Always) Win
Blog post

Why ORMs and Prepared Statements Can't (Always) Win

We always assume prepared statements and ORMs are enough to protect us from SQL injection, but be careful not to misuse their APIs! Let's look into a real-world case and see what we can learn from it.

Read article >