Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Who are you? The Importance of Verifying Message Origins
This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this by detailing two critical vulnerabilities in the Squidex application.
Read article >
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows
Read blog post >
Lessons learned upgrading to React 18 in SonarQube Server
We share the biggest three issues we faced and the lessons we learned as we upgraded SonarQube Server to React 18.
Read blog post >
Will the new judicial ruling in the Vizio lawsuit strengthen the GPL?
Last week an important judicial ruling came down on a very intriguing case about open source license compliance. In this post, I'll talk about what makes it so interesting and potentially impactful across our industry.
Read article >
Vulnerability Research Highlights 2023
Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023.
Read article >
Sonar's Scoring on the Top 3 Python SAST Benchmarks
We're excited to share not only how Sonar performs on Python benchmarks but also the ground truth corresponding to the list of expected and not-so-expected issues.
Read article >
2024 DevOps Predictions from the Sonar Developer Advocate Team
The Developer Advocate team shares their predictions on what they foresee for DevOps trends and hot topics in 2024.
Read article >
2024 Security Predictions from the Sonar Research Team
Reflecting on changes in the industry over the past year, as well as the research we’ve published, the Sonar Vulnerability Research team came together and compiled our thoughts on what we foresee for cybersecurity in 2024.
Read Blog >
Sonar @ Black Hat Europe!
Last week, several SonarSourcers traveled to London to attend our third Black Hat event of the year. Here's what happened!
Read article >
pfSense Security: Sensing Code Vulnerabilities with SonarQube Cloud
Our Code Quality solution SonarQube Cloud discovered multiple vulnerabilities leading to remote code execution on pfSense CE 2.7.0. Let's see how SonarQube Cloud found them and how it can keep your code clean.
Read blog post >