sonar coverage

Sonar in the news

Inc.

4 Leadership Lessons From a $200 Million, Fast-Growing, Profitable Startup

Adapt your business model to scarce capital, build on your strengths, and overcome your weaknesses.

Clean as You Code with SonarQube

In part three of this series for the Agile Noir podcast, Lance Kind speaks with Sonar VP of Products, Fabrice Bellingard about the importance of code quality and how SonarQube can help developers maintain clean code.

Empowering Weak Primitives: File Truncation to Code Execution With Git

In this article, SonarSource's R and D team discusses how they discovered a code vulnerability that allows you to truncate arbitrary files to execute arbitrary commands.

Hiring Now: Sonar Is Building a Team That’s Passionate About Clean Code

This Austin company is building out a team of tech professionals who are passionate about clean code.

SonarQube Helps Development Teams Clean their Code

In part two of this series for the Agile Noir podcast, Lance Kind speaks with Sonar VP of Products, Fabrice Bellingard about how SonarQube helps developers clean their code.

Listen Now >

Agile Noir

Why 7 million developers have their code analyzed by SonarQube

In part one of this series for the Agile Noir podcast, Lance Kind speaks with Sonar VP of Products, Fabrice Bellingard about why developers have their code analyzed by SonarQube.

Listen Now >

DZone

Malicious Message Leading To E-Commerce Takeover

In this article, Sonar's research and development team presents the root cause analysis of two Cross-Site Scripting bugs.

Devops

Avoiding Developer Burnout With Clean Code Best Practices

Employee burnout is common in the tech industry, especially for developers. In fact, 83% of software developers feel burnt out from their work and of those, nearly half of them feel...

CyberNews

Southwest Airlines incidents prove companies need to deal with technical debt – now

Thousands of US organizations are running on outdated software. This kind of failure to address technical debt is a recipe for a disaster – and it’s already costing trillions. Clean as You Code to the rescue.

Website Planet

Meet SonarSource: Top-Class Solutions For Code Quality Management

Check out this interview with Manish Gupta, CMO at SonarSource, a leading provider of clean code solutions. The interview covers the company’s story, the benefits of using clean code when building websites, and what’s in the future of coders with the recent developments in AI technology.

Venture Beat

Source Code Must Become a C-level Priority

Organizations have long realized how important their software is to their business. But they’re now fully realizing just how critical their software’s source code is. Sonar's CEO, Olivier Gaudin, explains.

Help Net Security

SonarQube 9.9 LTS Empowers Organizations to Boost the Quality of Their Code

Sonar has launched SonarQube 9.9 Long-Term Support (LTS) that empowers organizations to achieve the Clean Code state securely and at scale.

VM Blog

Sonar Launches SonarQube 9.9 LTS to Help Organizations Achieve a State of Clean Code

Sonar has launched SonarQube 9.9 Long-Term Support (LTS). The new release empowers organizations to achieve the Clean Code state quickly, securely, and at scale.

Journal of Cyber Policy

Sonar Launches SonarQube 9.9 LTS to Help Organizations Achieve a State of Clean Code

SonarQube 9.9 LTS offers accelerated pull request analysis, support for building and deploying secure cloud-native applications, sophisticated enterprise-grade capabilities, and many innovations related to the detection engine and contextual education.

DevOps Digest

SonarSource Launches SonarQube 9.9 LTS

Sonar’s latest 9.9 LTS release introduces key capabilities to enable enterprises to build better software in a sustained manner - with accelerated pull request analysis, support for building and deploying secure cloud-native applications, sophisticated enterprise-grade capabilities, and many innovations related to the detection engine and contextual education.

SD Times

SonarQube 9.9 LTS Helps Organizations Produce Clean Code

Sonar’s release of SonarQube 9.9 Long-Term Support (LTS) aims to help organizations clean their code quickly with accelerated pull request analysis, support for building and deploying secure cloud-native applications, and more.

Spiceworks

Retain Your Development Talent with The Power of Clean Code

Employee burnout is very common in the technology industry, especially for developers. However, companies can avoid developer burnout with the power of clean code practices, explains Fabrice Bellingard, VP of products at SonarSource.

Make Use Of

What Is SonarQube? 5 Key Features for Programmers

Many tools and platforms are available in the programming world, and here’s one you should add to your toolbox: SonarQube. The following key features of SonarQube will help you to overcome your coding difficulties and improve your programming skills.

App Developer Magazine

Why Sonar is Growing So Much

Announcing record growth in developer and enterprise customer adoption in FY22, Sonar has added 5,000 paying customers in 11 months, supporting 21,000 enterprise customers including over 75% of Fortune 100 and nearly half of Fortune 500 companies.

CPO Magazine

Protect Developer Tools Against Growing Vulnerability Threat

Over the past couple of years, developers have been increasingly targeted by attackers, with dozens of events occurring. These bad actors are targeting devs with the tools they depend on to build code.

The Empathetic Marketer

[Podcast] Increasing Audience Reach Using Effective Marketing Strategies with Manish Gupta

Listen as Manish Gupta, Chief Marketing Officer at Sonar, talks about creating intent-based campaigns to get your message across to audiences that are increasingly sensitive to overused marketing ploys.

Listen Now >

Techstrong

[Video] Critical Vulnerabilities in the IT Monitoring Tool

Watch as Stefan Schiller, a vulnerability researcher at SonarSource, explains how SonarSource determined an attacker can escalate to the Checkmk automation user by exploiting an authenticated arbitrary file read in NagVis.

Devopsdigest

2023 DevOps Predictions - Part 3

Industry experts offer thoughtful, insightful, and often controversial predictions on how DevOps and related technologies will evolve and impact business in 2023 - including source code as a key strategic asset.

The New Stack

Interest Growing in Dart and Flutter for Mobile

Dart and Flutter are finally getting their day as more software engineers explore using Flutter for mobile app development.

Enterprise Security Tech

Exec Threat Overview: CVE-2022-30129

Johannes Dahse, Head of R&D at Sonar, explains a Remote Code Execution vulnerability (CVE-2022-30129) that was discovered in one of the most popular IDEs: Visual Studio Code.

Console.Dev

Interview with Olivier Gaudin

CEO of Sonar, Olivier Gaudin, speaks to console.dev about getting into software, the beginnings of Sonar, the company structure, development challenges, tools, clean code, and more!

Computer Weekly

SonarSource: Google’s Carbon language is a successor, not a replacement, for C++

Phil Nash explains that, despite popular belief, Google’s open source Carbon programming language is not a strict replacement for C++. The important distinction is that it is intended to be used alongside C++.

DZone

JavaOne 2022: Java Continues to Evolve

The Java development team looks at the evolution of hardware and software to innovate and maintain its relationships with the developer community, and insights from the 2022 JavaOne conference.

BetaNews

[Q&A] How Clean Code Can Help Developers Prevent Vulnerabilities

Every year, thousands of code vulnerabilities are discovered, patched, and publicly disclosed to improve security for current and potential users. What can developers do to write better code that prevents vulnerabilities from entering their apps and services in the first place?

Techstrong

[Video] C++ and the Carbon Programming Language

Watch as Phil Nash, one of the original authors of the C++ test framework and a software engineer for SonarSource, explains how the Carbon programming language created by Google intertwines with C++

CRN

Sonar expands the Clean Code movement to Asia Pacific

The leading platform for Clean Code will grow its user community and customer base across the entire region including ASEAN, ANZ, South Korea, China, and India.

Dev Insider

[German] 10 unbekannte Sicherheitslücken in Python

Viele Entwickler nutzen Python und vertrauen darauf, dass es einen soliden Security-Level bietet.

Bleeping Computer

Zimbra Bug Allows Stealing Email Logins with No User Interaction

Technical details have emerged on a high-severity vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without authentication or user interaction.

TechZone360

5 Development Tools Every Tech Engineer Should Have Access To

As a tech engineer, it is vital to have access to the right tools so you can create innovative products that make our lives easier. This blog post will discuss five development tools that every tech engineer should access!

Techcrunch

Sonar raises $412M to scan codebases for bugs and vulnerabilities

Sonar, whose technology detects reliability and vulnerability issues in code, announced a funding round leading to a $4.7 billion valuation.

Reuters

Coding platform Sonar valued at $4.7 bln after latest funding

Sonar intends to use the funds to double its salesforce this year and expand the company's marketing team across its international offices...

MA RTS

[French] La start-up genevoise Sonar lève 412 millions et devient "quadruple licorne"

L'entreprise informatique genevoise Sonar a annoncé une capitalisation de 4,7 milliards de dollars, avec l'arrivée de nouveaux investisseurs américains.

Austin American-Statesman

Software company has big plans for Austin, aims to double employee count

Sonar, which operates its U.S. headquarters in Austin, says it is gearing up for growth in Austin after landing a significant infusion of capital...

SecurityWeek

CISA Warns of Attacks Exploiting Recent Vulnerabilities in Zabbix Monitoring Tool

The United States Cybersecurity and Infrastructure Security Agency (CISA) this week expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution.

The Record

Unpatched bug allows takeover of Horde webmail accounts, servers

Discovered by Sonar vulnerability researcher Simon Scannell, the vulnerability has existed in the Horde webmail app since late 2012...