Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image for CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained
Blog post

CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained

We discovered critical code vulnerabilities in CiviCRM, a popular CRM plugin for Wordpress, Joomla and Drupal. Learn more about how to find and patch these issues.

Read Blog >

SonarQube 8.9 LTS is here! Not every improvement could be mentioned in the release announcement, so check out these LTS easter eggs that make this the Best LTS Ever.
Blog post

7 more reasons to upgrade to SonarQube Server 8.9 LTS

SonarQube Server 8.9 LTS is here! Not every improvement could be mentioned in the release announcement, so check out these LTS easter eggs that make this the Best LTS Ever.

Read Blog >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

With SonarQube 8.9 LTS, SonarSource has made failing the pipeline available for everyone, using any CI you want. But with great power comes ... well, you know. In this post you'll learn w...
Blog post

Broken pipelines for everyone!

With SonarQube Server 8.9 LTS, SonarSource has made failing the pipeline available for everyone, using any CI you want. But with great power comes ... well, you know. In this post you'll learn what went into the decision to make this available and what you'll want to watch out for when you use it.

Read Blog >

Image shows various elements of code security, languages and bugs
Blog post

Grav CMS 1.7.10 - Code Execution Vulnerabilities

We responsibly disclosed two code execution vulnerabilities in Grav CMS, one of the most popular flat-file PHP CMS in the market. Let’s see what we can learn from them and discuss their patches!

Read Blog >

Person compromising Zimbra webmail through email on a computer
Blog post

NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Grounds A Rocket

We recently discovered vulnerabilities in Rocket.Chat, a popular team communications solution, that could be used to take over Rock.Chat instances.

Read Blog >

In April 2021, we updated our JavaScript and TypeScript SAST engines to explore more execution flows, increase performance and improve overall accuracy. It now goes far beyond what we did...
Blog post

What to expect from JavaScript/TypeScript analysis on OWASP JuiceShop

In April 2021, we updated our JavaScript and TypeScript SAST engines to explore more execution flows, increase performance and improve overall accuracy. It now goes far beyond what we did in the past for these languages. With this post, we’re going to tell you what you can expect for these languages, and more specifically which vulnerabilities can be detected.

Read Blog >

SonarQube 8.9 Long Term Support (LTS) is officially here! Check out this list of tips & tricks on how to upgrade your environment from start to finish.
Blog post

SonarQube Server 8.9 LTS: 3 steps to a smooth upgrade

SonarQube Server 8.9 Long Term Support (LTS) is officially here! Check out this list of tips & tricks on how to upgrade your environment from start to finish.

Read Blog >

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.
Blog post

PHP Supply Chain Attack on Composer

We recently discovered a vulnerability in Composer, the main package manager for PHP, and were able to use it to take over the central repository, packagist.org.

Read Blog >

In this blog post we analyze a XXE vulnerability that our analyzers discovered in WordPress, the most popular CMS, and what PHP 8 developers can learn from it.
Blog post

WordPress 5.7 XXE Vulnerability

In this blog post we analyze a XXE vulnerability that our analyzers discovered in WordPress, the most popular CMS, and what PHP 8 developers can learn from it.

Read Blog >

Our security research team discovered multiple code vulnerabilities in the NSA's Java application Emissary. Find out more about these issues and related attacks.
Blog post

Code Vulnerabilities in NSA Application Revealed

Our security research team discovered multiple code vulnerabilities in the NSA's Java application Emissary. Find out more about these issues and related attacks.

Read Blog >

Last September, we announced that mono-repository support was added for GitHub and Azure DevOps Services. The good news is: mono-repository support is now also available for Bitbucket Clo...
Blog post

Mono-repository support for Bitbucket Cloud now available for SonarQube Cloud!

Last September, we announced that mono-repository support was added for GitHub and Azure DevOps Services. The good news is: mono-repository support is now also available for Bitbucket Cloud! See what it brings and how you can configure it in SonarQube Cloud.

Read Blog >

Go to SonarSource homepage
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin
language switcher
简体中文 (Simplified Chinese)
  • 法律文件
  • 信任中心

© 2025 SonarSource Sàrl。版权所有。