Blog
Sonar's latest blog posts
What is Clean Code?
If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.
But what is Clean Code, and what does it encompass?
Mono-repository support for Bitbucket Cloud now available for SonarCloud!
Last September, we announced that mono-repository support was added for GitHub and Azure DevOps Services. The good news is: mono-repository support is now also available for Bitbucket Cloud! See what it brings and how you can configure it in SonarCloud.
Read Blog post >
My Support Engineer Journey at SonarSource
What does a Support Engineer do and how could it ever be interesting? Here we share more about a unique and rewarding journey in this role at SonarSource that will help you understand more about the job and opportunity.
Read Blog post >
MyBB Remote Code Execution Chain
Today SonarSource is pleased to share a guest contribution to our Code Security blog series about learnings from a chain of serious vulnerabilities in MyBB.
Read Blog post >
Hack the Stack with LocalStack: Code Vulnerabilities Explained
Our vulnerability researchers found critical code vulnerabilities in a popular Python application that can be exploited remotely, even when the application instance is hosted locally.
Read Blog post >
Crafting regexes to avoid stack overflows
Due to the way regular expression matching is implemented in Java (and many other languages/libraries), matching a pattern may - depending on the regex - require stack space proportional to the length of the input. This means large inputs could cause the program to crash with a `StackOverflowException` when you try to use the regex.
Read Blog post >
Setting the right (regex) boundaries is important
Regular expressions pack a lot of power into terse little packages and unfortunately that introduces a lot of room for error. This post talks about regex boundaries, another feature that can lead to bugs when used incorrectly, and a rule of ours that can help you avoid such issues. it also covers about complexity and maintainability in regular expressions and our rule to help you find regular expressions that are too complex.
Read Blog post >
Regular expressions present challenges even for not-so-regular developers
Regular expressions are a concise and powerful tool for processing text. However, they also come with a steep learning curve and plenty of opportunities to make mistakes. This is the first in a series of posts about some specific regex pitfalls.
Read Blog post >
Code security: now there's a tool for developers
Hey SonarQube and SonarCloud users! You now have a tool to own Code Security! SonarSource has been hard at work for the last year to give you the tooling to review and improve your code security. We're glad to say that today you have at your fingertips unmatched precision and performance in SAST (Static Application Security Testing) analysis for five languages and counting.
Read Blog post >
Code Security Advent Calendar 2020
It's time to have some December fun! We have 24 little challenge gifts awaiting you that hide security vulnerabilities in real-world Java, C#, PHP and Python code. Can you spot the vulnerability?
Read Blog post >
Make Code Quality & Security™ an integral part of your workflow
SonarQube Developer Edition overlays Code Quality and Security™ right onto your projects. Your pull requests are automatically analyzed and decorated with a clear Go/No Go Quality Gate so you only merge clean, quality code! 👏
Read Blog post >
How SonarCloud finds bugs in high-quality Python projects
As developers, there always comes a time when we find a bug in production and wonder how it passed all our quality checks. Let's go over a few Bugs we found with SonarCloud and see why it is able to detect them when popular linters don't .
Read Blog post >