Latest blog posts from Sonar
The future is AC/DC: the Agent Centric Development Cycle
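The era of continuous integration (CI), characterized by familiar processes and workflows, is rapidly coming to an end. Traditional CI assumed that developers make small, frequent, iterative commits. Today, the "continuous" aspect itself is changing.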

Arbitrary code execution and Claude Code CLI: How Claude executed code before you click 'trust'
We discovered different ways an untrusted folder can execute arbitrary code in Claude Code before the user is prompted with the trust dialog, allowing for potential compromise when cloning untrusted projects!

GPT-5.5’s biggest blind spot: the Java bugs your tests won’t catch
Sonar’s LLM Leaderboard reveals concurrency bugs in AI-generated Java code that pass tests but break in production due to thread timing issues.

When linting is not enough
Is linting enough for AI-generated code? Discover why deep static analysis, control flow, and taint analysis are critical to preventing vulnerabilities and architectural decay in agent-centric development.

Claude Opus 4.7: An evaluation review & metrics benchmarks
Discover how Claude Opus 4.7 cuts code volume by 40% but increases vulnerability risks. See the full technical audit of bugs, complexity, and code smells.

OpenAI GPT-5.5: An evaluation
Is OpenAI's GPT-5.5 safe for production? Explore our independent 4,444-task Java benchmark. See why its security is top-tier but its 'verification debt' is high.