Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
KubeCon and CloudNativeCon North America 2022
Blog post

A Look Back at KubeCon 2022

The Sonar Team had a great time sponsoring KubeCon 2022 in Detroit. Read about our takeaways from the event...

Read Blog >

The second article of this series outlines how an attacker can leverage the ability to forge arbitrary LQL queries to gain access to the NagVis component.
Blog post

Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)

The second article of this series outlines how an attacker can leverage the ability to forge arbitrary LQL queries to gain access to the NagVis component.

Read Blog >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for Evaluating the RAIL license family
Blog post

Evaluating the RAIL license family

Machine learning (ML) is the hot topic in tech circles right now, and tech lawyers are no exception. Virtually every lawyer discussion I’ve had in the last two weeks has ended with a variation on this question

Read article >

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.
Blog post

Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.

Read Blog >

After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!
Blog post

Beyond the Rules of Three, Five and Zero

After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!

Read Blog >

Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!
Blog post

Bits from Hexacon 2022

Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!

Read Blog >

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting ...
Blog post

Lesser spotted React mistakes: Hooked on a feeling

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting out, the results can be surprising.

Read Blog >

Image for SonarQube Server 9.7 is here!
Blog post

SonarQube Server 9.7 is here!

Check out what’s new in SonarQube Server 9.7 in this quick video.

Read Blog >

We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its e...
Blog post

Remote Code Execution in Melis Platform

We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its exploitability.

Read Blog >

Image for AI-based coding tools are thriving, and maintainers have some valid concerns about the impact on their work
Blog post

AI-based coding tools are thriving, and maintainers have some valid concerns about the impact on their work

One of the biggest AI-related headlines of 2024 has been the rapid growth and acceptance of AI-based coding tools.

Read article >

Bad code doesn’t just disappear and the consequences of overlooking it can be costly. 
Blog post

Bad code costs more than just your money

Bad code doesn’t just disappear and the consequences of overlooking it can be costly. 

Read Blog >