Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image for How timely delivery comes from transparent outsourced software development communication
Blog post

How timely delivery comes from transparent outsourced software development communication

Ineffective communication impacts everything in software development. To ensure your next project meets expectations, transparent communication is essential for driving timely delivery when working with internal and external development teams.

Read article >

Image for Builders, Withers, and Records - Java’s path to immutability
Blog Post

Builders, Withers, and Records - Java’s path to immutability

We know that immutable objects are easier to maintain, lead to fewer errors, and are multi-thread friendly. This article will show two different approaches to creating objects: Builders and Withers, along with a new type of immutable object in Java: Records

Read blog post >

Get new blog posts delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By clicking “Sign up”, you consent to receive email communications from SonarSource containing blog updates, product news, and other relevant content. We will store and process your personal data for this purpose as described in our Privacy Policy. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us in accordance with the Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Blog post

Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities

Our Code Quality solution, SonarQube Cloud, led us to a severe security issue in the popular Content Management System Joomla.

Read article >

A stylistic Venn diagram
Blog post

Union, intersection, difference, and more are coming to JavaScript Sets

The JavaScript Set was introduced to the language in the ES2015 spec, but it has always seemed incomplete. That's about to change with the addition of functions like intersection, union and difference.

Read blog post >

The SonarQube and React logos
Blog post

Write cleaner React code with SonarQube Server 10.4

SonarQube Server 10.4 was recently released and it includes 48 new rules and one updated rule to help you to write Code Quality in your React applications.

Read blog post >

Image of Sonar's Web API V2
Blog post

Introducing the new Sonar Web API V2

We are modernizing our Web API. In this post, Aurélien Poscia explains how and why.

Read blog post >

Image for Building the foundation for a strong AI future
Blog post

Building the foundation for a strong AI future

Sonar is honored to participate in the newly established U.S. Artificial Intelligence Safety Institute Consortium (AISIC) effort and is excited to join other leaders at the forefront of AI development.

Read article >

Image for 5 Risks of Outsourcing Software Development and How to Avoid Them
Blog post

5 Risks of Outsourcing Software Development and How to Avoid Them

Outsourcing software development requires a clear understanding of the potential risks. In this blog, we discuss five risks of this widely adopted strategy and provide tactics to minimize risk in delivered software.

Read article >

Picture showing SonarQube 10.4 release
Blog post

SonarQube Server 10.4 Release Announcement

The SonarQube Server 10.4 release includes some exciting changes that show the benefit of Code Quality and the Clean as You Code methodology. Scan times are faster and connecting to SonarQube for IDE is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.

Read article >

Image for Pitfalls of Desanitization: Leaking Customer Data from osTicket
Blog post

Pitfalls of Desanitization: Leaking Customer Data from osTicket

The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.

Read article >

Image for Juliet C# Benchmark and the SecureString case
Blog post

Juliet C# Benchmark and the SecureString case

Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer. Here is a glimpse of the work we did around Juliet and some of its test cases related to the SecureString .NET type.

Read article >