Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
Building the foundation for a strong AI future
Sonar is honored to participate in the newly established U.S. Artificial Intelligence Safety Institute Consortium (AISIC) effort and is excited to join other leaders at the forefront of AI development.
Read article >
5 Risks of Outsourcing Software Development and How to Avoid Them
Outsourcing software development requires a clear understanding of the potential risks. In this blog, we discuss five risks of this widely adopted strategy and provide tactics to minimize risk in delivered software.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
SonarQube Server 10.4 Release Announcement
The SonarQube Server 10.4 release includes some exciting changes that show the benefit of Clean Code and the Clean as You Code methodology. Scan times are faster and connecting to SonarQube for IDE is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.
Read article >
Pitfalls of Desanitization: Leaking Customer Data from osTicket
The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.
Read article >
Juliet C# Benchmark and the SecureString case
Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer. Here is a glimpse of the work we did around Juliet and some of its test cases related to the SecureString .NET type.
Read article >
Who are you? The Importance of Verifying Message Origins
This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this by detailing two critical vulnerabilities in the Squidex application.
Read article >
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
This blog uncovers two vulnerabilities, a Critical and High severity, recently discovered by our research team. Exploiting these vulnerabilities, attackers have the potential to gain Remote Code Execution on a Jenkins instance.
Read article >
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows
Read blog post >
Lessons learned upgrading to React 18 in SonarQube Server
We share the biggest three issues we faced and the lessons we learned as we upgraded SonarQube Server to React 18.
Read blog post >
Will the new judicial ruling in the Vizio lawsuit strengthen the GPL?
Last week an important judicial ruling came down on a very intriguing case about open source license compliance. In this post, I'll talk about what makes it so interesting and potentially impactful across our industry.
Read article >
Vulnerability Research Highlights 2023
Our Vulnerability Research team looks back at a great year and summarizes the highlights of 2023.
Read article >