Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Encoding Differentials: Why Charset Matters
The absence of charset information seems to be a minor issue for a web application. This blog post explains why this is a false assumption and highlights the critical security implications.
Read article >
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2)
Learn about critical code vulnerabilities we discovered in Gogs, a source code hosting solution. This follow-up covers how less severe flaws can still have a critical impact.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Utilisation et compréhension du serveur SonarQube pour la couverture de code
La couverture de code est un indicateur essentiel pour évaluer l'efficacité de vos efforts en matière de test de code. SonarQube Server, une puissante solution d'analyse statique de code, s'intègre parfaitement aux outils de couverture de code, permettant ainsi aux développeurs d'écrire un code plus propre, plus sûr et minutieusement testé.
Read article >
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2)
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
Read article >
The True Cost of Bad Code in Software Development
Despite advances in technology and methodologies, the costs associated with fixing bad code continue to escalate, impacting businesses financially and operationally. But what is bad code, what are the clear markers of its negative impact, and how can organizations overcome it?
Read article >
SonarQube Server 10.6 Release Announcement
The 10.6 release of SonarQube Server includes some significant changes, such as autoscaling in Kubernetes, AutoConfig for C and C++ projects, support for running in a FIPS-enforced environment, set rule priority to uphold your coding standards, easy setup of monorepos, monitoring the time it takes to upgrade, and expanded library coverage for AI/ML developers.
Read article >
Green Coding with Code Quality - A Recap of ecoCode Challenge Paris 2024
ecoCode Challenge Paris represents an opportunity to unite innovation and sustainable coding. As a proud sponsor, we are excited to see how SonarQube Server is empowering developers to prioritize environmental sustainability in their projects.
Read article >
Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages
Our research team discovered two vulnerabilities in mailcow, an email server solution. Attackers could compromise an instance, impersonate users, and steal emails.
Read article >
Integrating SonarQube Cloud with Amazon CodeCatalyst for Code Analysis
Sonar recently announced the integration of SonarQube Cloud with Amazon CodeCatalyst. This blog post guides you through integrating SonarQube Cloud, a cloud-based Code Quality solution, with Amazon CodeCatalyst.
Read blog post >
![Image for An Open Letter to Sonar[Qube] Users](https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/7dd61237-88ff-4c96-aa5b-7755f58e36eb/open_letter_blog_index.webp?w=352&h=217&dpr=2&fit=crop&q=70)
An Open Letter to Sonar[Qube] Users
Sonar’s new President of Field Operations introduces herself and reiterates the company's continued commitment to enabling organizations to succeed.
Read blog post >
mXSS:コードに潜む脆弱性
XSSはよく知られたバグの一種ですが、ここ数年でmXSSと呼ばれるあまり知られていないが効果的な亜種が登場しています。本ブログでは、このXSS亜種の基礎を解説し、その防御策について検証します。
記事を読む >