Sonar Logo
Start for FreeExplore Pricing

Sonar Blog

Home

Blog

Sonar's latest blog posts

Featured Post

What is Clean Code?

If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.


But what is Clean Code, and what does it encompass?

Read More
https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/ddb995eb-cb89-4435-82fb-1b937cdf11dc/what_is_clean_code_blog_feature.webp
Get the benefits of TypeScript without writing TypeScript
Blog post

Get the benefits of TypeScript in your JavaScript

Let's dive into what you can do to get more and more of TypeScript's benefits in your JavaScript projects.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/d397fc0e-7eee-427a-8f60-43de4e4d1fd3/sq-10-2_blog-index.webp
Blog post

Introducing SonarQube 10.2: Setting New Standards in Code Quality and Security

Discover the new features in SonarQube 10.2!

Read article >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/559de609-ecc9-4374-84cf-fbf76585abe7/stealing_with_style_protonmail_blog_index_v3.webp
Blog post

Code Vulnerabilities Put Proton Mails at Risk

The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/acd1048a-2282-463c-8099-1a7b3df28d17/moodle-vulnerabilities_pt-02_blog-index.webp
Blog post

Playing Dominos with Moodle's Security (2/2)

Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/6060aca5-c302-4b8b-b20e-b2ef28e54330/enhancing_sast_detection_leveraging_benchmarks_for_measuring_progress_01_blog_index.webp
Blog post

Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress

Enhancing Static Application Security Testing SAST, leverage benchmarks for tracking our progress.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/08a2c5cc-6ff7-4d35-9aa3-2a2a728cdc47/moodle-vulnerabilities_blog-index.webp
Blog post

Playing Dominos with Moodle's Security (1/2)

Our security researchers recently discovered two critical vulnerabilities in Moodle that leverage the use of not impactful bugs.

Read article >

Sonar at BlackHat blog image
Blog post

BlackHat 2023: Hackers, Casinos, and an Exciting Announcement

The Sonar team of developers are just returning from their trip to Las Vegas where they attended BlackHat USA 2023. If you were not able to make it, here is what you missed.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/3549eb32-e816-4d63-83a7-00b150e8bfda/deeper-sast-in-javascript_blog-index.webp
Blog post

What is deeper SAST in JavaScript?

What is SAST, what does deeper SAST mean, and how does this apply to your JavaScript and TypeScript applications?

Read blog post >

Patches, Collisions, and Root Shells: A Pwn2Own Adventure
Blog post

Patches, Collisions, and Root Shells: A Pwn2Own Adventure

We dive into the technical details of the vulnerabilities we identified as part of last year's Pwn2Own competition.

Read article >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/a6d86837-3fbd-4ec4-a314-9adf7f159ab5/sc-and-c_blog-index.webp
Blog post

No, C++ static analysis does not have to be painful

No C and C++ static analysis does not need to mean difficult configuration and pain. We explain how Sonar has made the impossible possible with one-click analysis for projects hosted in GitHub. A free automatic analysis of C and C++ projects.

Read blog post >

https://assets-eu-01.kc-usercontent.com:443/a50ea1f1-f62f-0105-db14-5c090004974b/fc26b25b-e31a-43b4-9f7c-4b7a56e79939/we_are_developers_berlin2023_event.webp
Blog post

WeAreDevelopers 2023 - what did you miss?

The Sonar team of developers are just returning from their trip to Berlin where they attended WeAreDevelopers 2023. If you were not able to make it, here is what you missed.

Read blog post >