Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.


Day in the Life: What Being a Sonar Support Engineer Looks Like

What does a Support Engineer do and how could it ever be interesting? In our first "Day in the Life" series, Support Engineer Joe Tingsanchali shares what it's like in this role and what he's learned.


Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)

We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.


Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)

We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of the series, we will see how attackers can get the first foothold within an organization.


Solving the Engineering Productivity Paradox

There's a huge focus on speeding up code production using tools like GitHub Copilot, Cursor, and others. And the results are honestly stunning, but increasingly, the bottleneck popping up is in the code review phase. Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.


From database burden to cloud efficiency: Sonar's journey to faster processing & lower costs

This post details how we cut the file storage cost on SonarQube Cloud by 90 percent while extracting 3.4 TB of data from a relational database to a more suitable storage option.


Double Dash, Double Trouble: A Subtle SQL Injection Flaw

Can a simple dash character introduce a security risk? Discover how SQL line comments can open the door to unexpected injection vulnerabilities in several PostgreSQL client libraries!


SonarQube Server 2025 Release 3 Announcement

SonarQube Server 2025 Release 3 unifies your tooling for code quality and code security with GA for Advanced Security (SCA & advanced SAST), Kotlin SAST support, more secrets detection, end of Early Access for AI CodeFix, expanded compliance (MISRA, CWE, OWASP Mobile), enhanced language coverage (Rust, Java, PySpark) and extended architectural protection.


Advances in SonarQube's Bug Detection

At Sonar we strive to provide the tools to help you to create the highest quality code possible. One of the biggest quality challenges is to find the bugs related to how your application is executed. SonarQube's advanced bug detection does just that.


Sonar Named Leader in G2 Spring Report

We are excited to share that the G2 Spring 2025 reports were recently released, and once again, Sonar has been named the LEADER in Static Code Analysis!


9 Steps to a Successful SonarQube Cloud Team Plan Trial

To maximize the benefits of your SonarQube Cloud Team Plan trial, it's essential to approach your free 14 days with a clear plan. Discover helpful tips to learn more about the product and get familiar with SonarQube Cloud Team Plan capabilities.


Scripting Outside the Box: API Client Security Risks (2/2)

Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.


© 2025 SonarSource Sàrl. All rights reserved.