Sonar's latest blog posts

Featured Post

The Coding Personalities of Leading LLMs

Make smarter AI adoption decisions with Sonar's latest report in The State of Code series. Explore the habits, blind spots, and archetypes of the top five LLMs to uncover the critical risks each brings to your codebase.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/7f6e6498-f9d3-4c75-8cb2-16917f0d95c2/LLMs-coding-personalities_featured-blog%402x.webp
Blog post

Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)

It's time to wrap up our series on the security of Visual Studio Code with new vulnerabilities in the NPM integration, bypassing the Workspace Trust security feature.

Read article >

SonarQube 10.3 Release Announcement Image
Blog post

SonarQube Server 10.3 Release Announcement

The new SonarQube Server 10.3 release is out now, including Secrets Detection at the Source, Clean Code Taxonomy & Clean as You Code Updates, Automate Provisioning GitHub Projects and Teams, 2023 CWE Top 25 Report, the Blazor Framework, and Stronger Security.

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog post

Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers vulnerabilities our researchers discovered in third-party extensions.

Read article >

Blog post

Sonar's Scoring on the Top 3 C# SAST Benchmarks

Sonar's Scoring on the Top 3 C# SAST Benchmarks

Read blog post >

Blog post

Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)

We took a look at the security of the most popular code editor, Visual Studio Code! This blog post covers common risks and attack surfaces so you know what to expect when using it.

Read article >

Blog post

Linux Foundation Chat: Open Source & Clean Code

Linux Foundation Executive Director Jim Zemlin joins Sonar Founder and co-CEO Olivier Gaudin to discuss Clean Code, open-source development, cybersecurity, and more!

Read article >

Blog post

Shifting Right for Secure Platforms and DevOps

Dev tooling is not only helping shift issues left, but the tools also help identify issues that happen later, or to the right, in the development lifecycle. Like detecting secrets before they go into production or platform configuration issues.

Read article >

Blog post

Younger open source maintainers are significantly more likely to use AI-based coding tools

Those who are not using AI-based coding tools mostly have no plans to use them in the future either, with 45% selecting that option and only 6% not using them today, but planning to in the future.

Read article >

Blog post

Highlights from Hexacon 2023

Last week, members of our AppSec and Vulnerability Research teams attended the Hexacon in Paris to learn, share, and network. Read more about our highlights.

Read article >

Blog post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do. It feels like in the last couple of years, we finally managed to settle on what we had been looking for from the beginning: Clean Code. But what is Clean Code, and what does it encompass?

Read blog post >

Blog post

Security Vulnerabilities in CasaOS

We recently uncovered two critical code vulnerabilities in the personal cloud system CasaOS. Let's see what we can learn from them.

Read article >