Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.
Read Blog >
Beyond the Rules of Three, Five and Zero
After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!
Read Blog >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Bits from Hexacon 2022
Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!
Read Blog >
Lesser spotted React mistakes: Hooked on a feeling
This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting out, the results can be surprising.
Read Blog >
SonarQube Server 9.7 is here!
Check out what’s new in SonarQube Server 9.7 in this quick video.
Read Blog >
Remote Code Execution in Melis Platform
We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its exploitability.
Read Blog >
AI-based coding tools are thriving, and maintainers have some valid concerns about the impact on their work
One of the biggest AI-related headlines of 2024 has been the rapid growth and acceptance of AI-based coding tools.
Read article >
Bad code costs more than just your money
Bad code doesn’t just disappear and the consequences of overlooking it can be costly.
Read Blog >
The Rules of Three, Five and Zero
The Rule of Three was coined back in 1991. That expanded to the Rule of Five with C++11's move semantics - and even that was then subsumed by The Rule of Zero. But what are all these rules? And do we have to follow them?
Read Blog >
Five SonarQube Cloud features for developers that want Clean Code
Whether you’re working on a new project or an existing one, you might think of Clean Code as an ideal, somewhere far out of reach. Let’s go over 5 key features that make SonarQube Cloud the perfect tool for developers and development teams to deliver Clean Code consistently and efficiently, without disrupting the existing development workflow.
Read Blog >
Securing Developer Tools: A New Supply Chain Attack on PHP
What is your worst supply chain nightmare and why is it somebody that could take over all the PHP packages at once? Let's deep dive into how we could demonstrate it!
Read Blog >