Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
5 things to consider in performance comparisons
When talking about static analysis and/or SAST performance comparisons - or really, comparisons of any kind of performance - what criteria do you consider? Maybe it was fast, but what did it accomplish? Here's what you ought to look at when you compare performance.
Read Blog post >
Review your security vulnerabilities in GitHub with code scanning alerts
We’re happy to announce that SonarQube Cloud integrates with GitHub code scanning! It’s available to everyone with a GitHub repository - private or public - independently of your SonarQube Cloud plan. If you have access to the feature on GiHub and your organization admin already accepted the update for the SonarQube Cloud app permissions, you’re all set! You should be able to start using the feature during your next code review.
Read Blog post >
Horde Webmail 5.2.22 - Account Takeover via Email
We recently discovered a code vulnerability in Horde Webmail that can be used by attackers to take over email accounts by sending a malicious email.
Read Blog post >
Zabbix - A Case Study of Unsafe Session Storage
In this article we discuss the security of client-side session storages and analyze a vulnerable implementation in the IT monitoring solution Zabbix.
Read Blog post >
WordPress < 5.8.3 - Object Injection Vulnerability
We discovered an interesting code vulnerability that could be used to bypass hardening mechanisms in the popular WordPress CMS.
Read Blog post >
How to disable XXE processing?
In this post, we will see how to completely disable external entities declaration and expansion, offering a quick and safe solution.
Read Blog post >
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, we will try to demystify XXE vulnerabilities and present the rule we put in place to help you detect and prevent them.
Read Blog post >
WordPress 5.8.2 Stored XSS Vulnerability
We reported a Stored XSS vulnerability in WordPress (CVE-2022-21662) which remained unpatched for more than 3 years and affected the wordpress.org website.
Read Blog post >
Vulnerability Research Highlights 2021
Our research team looks back at a great year and summarizes the highlights of their vulnerability research in 2021.
Read Blog post >
Modernizing your code with C++20
C++20 is here! It's a big release with many features designed to make your code easier, faster and safer. Let's see how the latest C++ analysis rules in SonarQube for IDE, SonarQube Server and SonarQube Cloud can help us modernize our code to take advantage of some of the new features.
Read Blog post >
NodeBB 1.18.4 - Remote Code Execution With One Shot
We recently discovered three interesting code vulnerabilities in NodeBB 1.18.4, allowing attackers to compromise servers. Find out about the details in this article!
Read Blog post >