Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
AI CodeFix is now generally available
AI CodeFix seamlessly integrates AI-driven code fix suggestions into your development workflow with no additional cost for eligible SonarQube subscriptions.
Read article >
SonarQube Server 2025.4 LTA : Faster analysis, stronger security, better coverage
Our new 2025.4 LTA release empowers developers with significant advancements to enhance code quality, security, and efficiency across multiple languages for your projects and while using open-source code.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Cyber Resilience Act: Navigating speed and security with AI-coding
Modern software development is caught between two powerful forces. On one hand, generative artificial intelligence (AI) coding tools are supercharging development velocity at the expense of rigorous security review.
Read article >
Java 23: Embrace the new era of code comments
We’ve covered Java 22, and are now getting into Java 23, which introduces several new language features. We’ll focus on enhancing documentation, and how to leverage the new features with simple examples.
Read article >
What's the top bug in your language? Find out in The State of Code: Languages report
The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.
Read article >
How Sonar Helps Achieve a Strong SOC 2 Type II Report
An SOC 2 Type II report is a critical attestation for service organizations, demonstrating their commitment to securely managing customer data over time. Learn how SonarQube can streamline your SOC 2 compliance journey!
Read article >
Deploy SonarQube Server on Kubernetes with Terraform
This guide will walk through how to deploy SonarQube Server Enterprise on a Kubernetes cluster using Terraform.
Read article >
Protecting your AI code: How SonarQube defends against the "Rules File Backdoor"
This case highlights an issue where configuration files were manipulated through hidden Unicode characters, which is a vector now commonly referred to as the "Rules File Backdoor".
Read article >
Java 22: Leverage unnamed variables and patterns
Java 22 introduces several new language features but there’s one particularly important. This article shows you how to leverage the Unnamed variables and patterns with simple examples.
Read article >
How SonarQube enables DORA compliance for financial institutions
The financial services industry stands at a critical juncture. With the Digital Operational Resilience Act (DORA) now fully in effect across the European Union, financial institutions must demonstrate robust cybersecurity and operational resilience capabilities.
Read article >
Tame technical debt with insights from The State of Code: Maintainability report
Tame technical debt with insights from The State of Code: Maintainability report
Read article >