Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire
Modern JavaScript front-end frameworks protect your application from XSS vulnerabilities by automatically escaping untrusted content. This built-in feature can be bypassed intentionally, which should be taken with great care.
Read article >
The Red Hat IPO experiment to pay maintainers: 25 years later
Twenty five years ago this week, on August 11, 1999, Red Hat went public in a stock offering that at the time was one of the largest ever, ending its first day of trading worth $3.5 billion.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
How Sonar Helps meeting NIST SSDF Code Security Requirements
Sonar’s solutions, including SonarQube for IDE, SonarQube Server, and SonarQube Cloud, help you meet NIST SSDF code security requirements and enhance overall code quality. Find out how.
Read article >
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
Sonar’s R&D team discovered a Cross-Site Scripting vulnerability in Roundcube. Similar vulnerabilities in Roundcube have been used by APTs to steal government emails.
Read article >
Now Introducing, SonarQube Cloud Enterprise and SonarQube Cloud Team
We are excited to expand our SonarQube Cloud offering with the availability of two new plans, SonarQube Cloud Enterprise and SonarQube Cloud Team.
Read article >
What Code Issues Caused the CrowdStrike Outage?
This blog post takes a look at the potential code issues behind the recent global CrowdStrike outage.
Read article >
Deliver high-quality ASP.NET Core web apps with Sonar.
Sonar recently added new rules for ASP.NET WebAPI and ASP.NET MVC. In this blog post, we discuss the details of these frameworks within ASP.NET Core and how Sonar’s solutions help keep your ASP.NET web apps clean and free of issues.
Read article >
G2 Grid Report for Static Code Analysis: Sonar Named a Leader for Sixteenth Consecutive Quarter
G2 has once again ranked Sonar #1 in Static Code Analysis in the Summer 2024 Grid Report. In addition to leading the pack in each of the Enterprise, Mid-Market, and Small Business segments for Static Code Analysis, Sonar was also named a leader in the Static Application Security Testing (SAST) category.
Read article >
AutoConfig: C++ Code Analysis Redefined
Abbas Sabra covers a groundbreaking technology: AutoConfig for C and C++. It automates the normally complex setup process, making project setup a breeze. AutoConfig is designed to make code analysis free of complications bringing Code Quality to the fingertips of every C and C++ developer.
Read article >
Encoding Differentials: Why Charset Matters
The absence of charset information seems to be a minor issue for a web application. This blog post explains why this is a false assumption and highlights the critical security implications.
Read article >
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2)
Learn about critical code vulnerabilities we discovered in Gogs, a source code hosting solution. This follow-up covers how less severe flaws can still have a critical impact.
Read article >