Sonar's latest blog posts
The Coding Personalities of Leading LLMs
Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.
C# Logging Best Practices with .NET
Are you writing logging code in your app? Logging correctly can be tricky. It is an important part of tracking the progress of your app while running and determining the origin of problems when they arise. In this blog post Denis Troller walks you through common pitfalls and logging best practices when coding in C# with .NET.
Read blog post >
xz utils hack: what is it?
Late last week, a developer noticed some unusual behavior on their computer, investigated it, and uncovered a hack of epic scope, in an obscure but important library called xz.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Apache Dubbo Consumer Risks: The Road Not Taken
Explore the lesser-known Apache Dubbo risks that weren’t well documented until now, and delve into the importance of clean code ensuring clarity, maintainability, and comprehensibility.
Read article >
Ensuring the right usage of Java 21 new features
Last September 2023 Java 21 was released as the latest LTS (Long Time Support). But taking advantage of the changes and new features, which we are not used to including in our code, can be a tough task. Also, it can lead to improper use or poor uptake, bugs, or basically not taking full advantage of new improvements.
Read blog post >
Technical debt’s impact on development speed and code quality
By acknowledging the impact of technical debt and embracing proactive solutions like Sonar, development teams can mitigate its effects and build software that is resilient, reliable, and scalable.
Read article >
Digital Operational Resilience Act (DORA) Compliance for Financial Entities
Leveraging Sonar solutions to ensure code security by design
Read article >
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices
Our vulnerability researchers discovered critical vulnerabilities in Erxes with the help of SonarQube Cloud. Learn about the details and how to triage such issues in your own code!
Read article >
__dirname is back in Node.js with ES modules
Node.js is reducing friction when using ES modules by making it easier to get the current module directory name
Read blog post >
#CleanCodeTips: Unlock Your Coding Potential
As software development evolves, keeping up with best practices, the latest trends, and ensuring your code remains top-notch can feel like sailing uncharted waters. Sonar has the Clean Code tips for you!
Read article >
Reply to calc: The Attack Chain to Compromise Mailspring
Learn how an attacker can combine multiple security vulnerabilities to achieve arbitrary code execution on a victim that tries to reply or forward a malicious mail in Mailspring.
Read article >
Are You Ready For PCI DSS 4.0?
PCI DSS 3.2.1 is being retired on March 31, 2024. Are you ready for the new standard, PCI DSS 4.0?
Read article >