Sonar Logo
Start for FreeExplore Pricing

Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
The SonarQube and React logos
Blog post

Write cleaner React code with SonarQube 10.4

SonarQube 10.4 was recently released and it includes 48 new rules and one updated rule to help you to write clean code in your React applications.

Read blog post >

Image of Sonar's Web API V2
Blog post

Introducing the new Sonar Web API V2

We are modernizing our Web API. In this post, Aurélien Poscia explains how and why.

Read blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the Privacy Policy and Cookie Policy.

https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/ad3f101d-5396-4a27-ac2d-1e6dcf361831/AISIC_blog-index%402x.png
Blog post

Building the foundation for a strong AI future

Sonar is honored to participate in the newly established U.S. Artificial Intelligence Safety Institute Consortium (AISIC) effort and is excited to join other leaders at the forefront of AI development.

Read article >

https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/c8c92af7-4da9-4e2e-bd0e-d24d33461ca3/risks_of_outsourcing_software_development_blog_index.webp
Blog post

5 Risks of Outsourcing Software Development and How to Avoid Them

Outsourcing software development requires a clear understanding of the potential risks. In this blog, we discuss five risks of this widely adopted strategy and provide tactics to minimize risk in delivered software.

Read article >

Picture showing SonarQube 10.4 release
Blog post

SonarQube 10.4 Release Announcement

The SonarQube 10.4 release includes some exciting changes that show the benefit of Clean Code and the Clean as You Code methodology. Scan times are faster and connecting to SonarLint is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.

Read article >

https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/e5212578-5794-4632-88f6-4a298bc9cb42/pitfalls_of_desanitization_leaking_customer_data_from_osticket_blog_index.webp
Blog post

Pitfalls of Desanitization: Leaking Customer Data from osTicket

The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.

Read article >

https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/93a64a05-fe40-4c98-9145-de84ccf8bd3b/juliet_c_security_benchmark_the_securestring_case_blog_index.webp
Blog post

Juliet C# Benchmark and the SecureString case

Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer. Here is a glimpse of the work we did around Juliet and some of its test cases related to the SecureString .NET type.

Read article >

https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/15632114-af55-440e-85bd-72b9a9f67069/the_importance_of_verifying_message_origins_blog_index.webp
Blog post

Who are you? The Importance of Verifying Message Origins

This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this by detailing two critical vulnerabilities in the Squidex application.

Read article >

https://assets-eu-01.kc-usercontent.com:443/57f6532d-823e-01d8-2c1b-7ac59cc99b1b/abef1f96-f752-4016-8fb8-43788dcf920e/Vulnerabilities%20in%20Jenkins_blog_index.webp
Blog post

Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins

This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.

Read article >

Image of Blazor support by Sonar
Blog post

Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows

Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows

Read blog post >

The SonarQube and React logos
Blog post

Lessons learned upgrading to React 18 in SonarQube

We share the biggest three issues we faced and the lessons we learned as we upgraded SonarQube to React 18.

Read blog post >