Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Linux Foundation Chat: Open Source & Code Quality
Linux Foundation Executive Director Jim Zemlin joins Sonar Founder and co-CEO Olivier Gaudin to discuss Code Quality, open-source development, cybersecurity, and more!
Read article >
Shifting Right for Secure Platforms and DevOps
Dev tooling is not only helping shift issues left, but the tools also help identify issues that happen later, or to the right, in the development lifecycle. Like detecting secrets before they go into production or platform configuration issues.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Younger open source maintainers are significantly more likely to use AI-based coding tools
Those who are not using AI-based coding tools mostly have no plans to use them in the future either, with 45% selecting that option and only 6% not using them today, but planning to in the future.
Read article >
Highlights from Hexacon 2023
Last week, members of our AppSec and Vulnerability Research teams attended the Hexacon in Paris to learn, share, and network. Read more about our highlights.
Read article >
What is Code Quality?
If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do. It feels like in the last couple of years, we finally managed to settle on what we had been looking for from the beginning: Code Quality. But what is Code Quality, and what does it encompass?
Read blog post >
Security Vulnerabilities in CasaOS
We recently uncovered two critical code vulnerabilities in the personal cloud system CasaOS. Let's see what we can learn from them.
Read article >
Java SAST Benchmarks: why you shouldn't trust them blindly
Java SAST Benchmarks: why you shouldn't trust them blindly
Read blog post >
Interview with Sonar Java Enthusiasts
Interview with Sonar Java Enthusiasts
Read blog post >
ISMG Interview - Securing Applications, Accelerating DevOps with Code Quality
Sonar founder and co-CEO, Olivier Gaudin, sits down with ISMG's Tom Field at Black Hat USA 2023 to discuss how development can be improved to avoid security issues.
Read blog post >
Why I’m passionate about Static Analysis and how I helped make it better
Why I’m passionate about Static Analysis and how I helped make it better
Read blog post >
A comprehensive guide to the dangers of Regular Expressions in JavaScript
A deep investigation into regular expression denial of service (ReDoS) vulnerabilities in JavaScript
Read blog post >