Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance


Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)
The second article of this series outlines how an attacker can leverage the ability to forge arbitrary LQL queries to gain access to the NagVis component.
Read Blog post >

Evaluating the RAIL license family
Machine learning (ML) is the hot topic in tech circles right now, and tech lawyers are no exception. Virtually every lawyer discussion I’ve had in the last two weeks has ended with a variation on this question
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.
Read Blog post >

Beyond the Rules of Three, Five and Zero
After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!
Read Blog post >

Bits from Hexacon 2022
Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!
Read Blog post >

Lesser spotted React mistakes: Hooked on a feeling
This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting out, the results can be surprising.
Read Blog post >

SonarQube Server 9.7 is here!
Check out what’s new in SonarQube Server 9.7 in this quick video.
Read Blog post >

Remote Code Execution in Melis Platform
We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its exploitability.
Read Blog post >

AI-based coding tools are thriving, and maintainers have some valid concerns about the impact on their work
One of the biggest AI-related headlines of 2024 has been the rapid growth and acceptance of AI-based coding tools.
Read article >

Bad code costs more than just your money
Bad code doesn’t just disappear and the consequences of overlooking it can be costly.
Read Blog post >

The Rules of Three, Five and Zero
The Rule of Three was coined back in 1991. That expanded to the Rule of Five with C++11's move semantics - and even that was then subsumed by The Rule of Zero. But what are all these rules? And do we have to follow them?
Read Blog post >