Sonar's latest blog posts

Featured Post

Announcing SonarSweep: Improving training data quality for coding LLMs

Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.

Read More
https://assets-eu-01.kc-usercontent.com:443/55017e37-262d-017b-afd6-daa9468cbc30/c4c32669-0e01-4074-926a-1b257686a90c/sonarsweep_blog_or_press_featured_with_mark__2x.webp
Image for Java 22: Leverage unnamed variables and patterns
Blog post

Java 22: Leverage unnamed variables and patterns

Java 22 introduces several new language features but there’s one particularly important. This article shows you how to leverage the Unnamed variables and patterns with simple examples.

Read article >

Image for How SonarQube enables DORA compliance for financial institutions
Blog post

How SonarQube enables DORA compliance for financial institutions

The financial services industry stands at a critical juncture. With the Digital Operational Resilience Act (DORA) now fully in effect across the European Union, financial institutions must demonstrate robust cybersecurity and operational resilience capabilities.

Read article >

Get new blog posts delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

I do not wish to receive promotional emails about upcoming SonarQube updates, new releases, news and events.

By clicking “Sign up”, you consent to receive email communications from SonarSource containing blog updates, product news, and other relevant content. We will store and process your personal data for this purpose as described in our Privacy Policy. You can withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us in accordance with the Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image for Tame technical debt with insights from The State of Code: Maintainability report
Blog post

Tame technical debt with insights from The State of Code: Maintainability report

Tame technical debt with insights from The State of Code: Maintainability report

Read article >

Image for Securing Kotlin Apps With SonarQube: Real-World Examples
Blog post

Securing Kotlin Apps With SonarQube: Real-World Examples

Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.

Read article >

Image for The biggest security risks unveiled in The State of Code: Security report
Blog post

The biggest security risks unveiled in The State of Code: Security report

The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.

Read article >

Image for Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)

In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privilege escalation vulnerability. 

Read article >

Image for The State of Code: Introducing Sonar’s new code quality report series
Blog post

The State of Code: Introducing Sonar’s new code quality report series

Sonar's new report series analyzes 7.9B lines of code to reveal the most common issues and how to fix them.

Read article >

Image for Day in the Life: What Being a Sonar Support Engineer Looks Like
Blog post

Day in the Life: What Being a Sonar Support Engineer Looks Like

What does a Support Engineer do and how could it ever be interesting? In our first "Day in the Life" series, Support Engineer Joe Tingsanchali shares what it's like in this role and what he's learned.

Read Blog >

Image for Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)
Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)

We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.

Read article >

Image for Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)
Blog post

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)

We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of the series, we will see how attackers can get the first foothold within an organization.

Read article >

Image for Solving the Engineering Productivity Paradox
Blog post

Solving the Engineering Productivity Paradox

There's a huge focus on speeding up code production using tools like GitHub Copilot, Cursor, and others. And the results are honestly stunning, but increasingly, the bottleneck popping up is in the code review phase. Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.

Read article >