Sonar Blog

Home

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
We recently discovered an XSS vulnerability in the admin frontend of Ghost CMS 4.3.2. Find out the details and learn how to avoid such issues in your code!
Blog post

Ghost CMS 4.3.2 - Cross-Origin Admin Takeover

We recently discovered an XSS vulnerability in the admin frontend of Ghost CMS 4.3.2. Find out the details and learn how to avoid such issues in your code!

Read Blog post >

Analyzing your C or C++ code requires, in addition to the source code, the configuration that is used to build the code. Historically we have provided a tool to automate the extraction of...
Blog post

Compilation database: An alternative way to configure your C or C++ analysis

Analyzing your C or C++ code requires, in addition to the source code, the configuration that is used to build the code. Historically we have provided a tool to automate the extraction of this information, called the build wrapper. Recently we introduced another way to configure your analysis, the compilation database. Learn more about the pros and cons of each option.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.
Blog post

elFinder - A Case Study of Web File Manager Vulnerabilities

Our case study of elFinder 2.1.57 describes several critical code vulnerabilities commonly found in web file managers and how to patch them.

Read Blog post >

SonarQube has always had a rich plugin Marketplace, with much of SonarQube's functionality originally delivered as plugins and many additional needs being met by community-maintained plug...
Blog post

Use 3rd-party plugins at your own risk

If you're using 3rd-party plugins for SonarQube Server, you're obviously already aware of the benefits. With this blog post, we want to make sure you're also aware of the risks. Because there are risks.

Read Blog post >

Learn how developers can safeguard their cloud 'secrets' from publicly leaking and take charge of their Code Security with SonarLint.
Blog post

Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe

Learn how developers can safeguard their cloud 'secrets' from publicly leaking and take charge of their Code Security with SonarQube for IDE.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/8b999041-a358-44d4-a738-7a25475d6d13/Blog%20-%20Retain%20Your%20Development%20Talent%402x.jpg
Blog post

How Clean Code Practices Help You Retain Your Development Talent

It can be challenging to maintain good coding vibes when your team or company often prioritizes feature delivery over code quality. If your developers are never allowed the time to work on new and exciting things they may eventually find somewhere else to bring their coding talents to.

Read Blog post >

We discovered critical code issues in Zimbra, a popular enterprise webmail solution, that could lead to a compromise of all emails by an unauthenticated attacker.
Blog post

Zimbra 8.8.15 - Webmail Compromise via Email

We discovered critical code issues in Zimbra, a popular enterprise webmail solution, that could lead to a compromise of all emails by an unauthenticated attacker.

Read Blog post >

Learn how the functionality of Quality Profiles and Quality Gates come together to enable the SonarSource Clean As You Code methodology.
Blog post

Clean As You Code essentials - What are Quality Profiles and Quality Gates?

Learn how the functionality of Quality Profiles and Quality Gates come together to enable the SonarSource Clean As You Code methodology.

Read Blog post >

We discovered two code execution vulnerabilities that affected Etherpad servers and data. Learn more about the technical details and how to avoid such coding issues.
Blog post

Etherpad 1.8.13 - Code Execution Vulnerabilities

We discovered two code execution vulnerabilities that affected Etherpad servers and data. Learn more about the technical details and how to avoid such coding issues.

Read Blog post >

Discover how SonarQube can integrate with your existing enterprise setup (LDAP, SSO & co.) for user authentication and authorization.
Blog post

Enterprise-ready: Authentication & Authorization with SonarQube Server (LDAP, SSO & more)

Discover how SonarQube Server can integrate with your existing enterprise setup (LDAP, SSO & co.) for user authentication and authorization.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/a8c9572d-fe62-0144-0642-b3f31f575091/87785a8e-6ea7-439d-8a9b-b6dbe41e64dc/CiviCMS.jpeg
Blog post

CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained

We discovered critical code vulnerabilities in CiviCRM, a popular CRM plugin for Wordpress, Joomla and Drupal. Learn more about how to find and patch these issues.

Read Blog post >

Go to SonarSource homepage
sonar logo
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.