Sonar's latest blog posts
Solving the Engineering Productivity Paradox
Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.
Vulnerability Research Highlights 2024
Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2024.
Read article >
Software and AI in 2025 — Sonar Perspectives on What’s to Come in the New Year
Several Sonar leaders share their perspectives on what to expect in 2025 with AI and software development.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Never Underestimate CSRF: Why Origin Reflection is a Bad Idea
CORS misconfigurations are often overlooked, but they can have severe consequences. We demonstrate how reflecting the origin header leads to code execution in Whistle.
Read article >
The new SonarQube Free tier is here - get started today!
Announcing a new free tier of SonarQube, hosted in the cloud. This tier goes beyond our current community offering and gives individual developers and small teams many of the features of our commercial SonarQube offering.
Read article >
SonarQube Server 10.8 Release Announcement
This release includes stronger AI Code Assurance and AI CodeFix capabilities. Choose from two new operating modes to run the server in a way that best suits your business needs. Exciting things continue to happen with our language support, like new architecture rules, support for Ansible IaC, and full support of our Dart/Flutter coverage. Find out what’s in store for you.
Read article >
A better (free) SonarQube experience
Announcing a new free tier of SonarQube, hosted in the cloud. This tier goes beyond our current community offering and gives individual developers and small teams many of the features of our commercial SonarQube offering.
Read article >
How to trust AI contributions to your codebase
In a world where AI generates code, code ownership and trust become increasingly obscure. Many enterprises already find this situation untenable, and they are looking for ways to solve it. But where do you start?
Read article >
Our commitment to you – and an update on severity ratings for software quality
The speed of software development and product delivery is increasing for organizations everywhere – including here at Sonar. In this blog, we decided to put our guiding engineering principles in writing and share them with you.
Read article >
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail
HTML sanitization has long been touted as a solution to prevent malicious content injection. However, this approach faces numerous challenges. In this blog post, we'll explore the limitations of server-side HTML sanitization and discuss why client-side sanitization is the better approach.
Read article >
The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator
This blog post explains how taint analysis tracks all data flows in an application’s source code to unveil deeply hidden vulnerabilities and showcases a critical vulnerability in the OpenAPI Generator discovered by SonarQube Cloud.
Read article >
Why Code Security Matters - Even in Hardened Environments
This blog post showcases why fundamental code security is essential for an application despite all hardening measures applied in the underlying infrastructure.
Read article >