BLOG
Sonar's latest blog posts
Building Confidence and Trust in AI-Generated Code
To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance
Builders, Withers, and Records - Java’s path to immutability
We know that immutable objects are easier to maintain, lead to fewer errors, and are multi-thread friendly. This article will show two different approaches to creating objects: Builders and Withers, along with a new type of immutable object in Java: Records
Read blog post >
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Our Clean Code solution, SonarCloud, led us to a severe security issue in the popular Content Management System Joomla.
Read article >
Union, intersection, difference, and more are coming to JavaScript Sets
The JavaScript Set was introduced to the language in the ES2015 spec, but it has always seemed incomplete. That's about to change with the addition of functions like intersection, union and difference.
Read blog post >
Write cleaner React code with SonarQube 10.4
SonarQube 10.4 was recently released and it includes 48 new rules and one updated rule to help you to write clean code in your React applications.
Read blog post >
Introducing the new Sonar Web API V2
We are modernizing our Web API. In this post, Aurélien Poscia explains how and why.
Read blog post >
Building the foundation for a strong AI future
Sonar is honored to participate in the newly established U.S. Artificial Intelligence Safety Institute Consortium (AISIC) effort and is excited to join other leaders at the forefront of AI development.
Read article >
5 Risks of Outsourcing Software Development and How to Avoid Them
Outsourcing software development requires a clear understanding of the potential risks. In this blog, we discuss five risks of this widely adopted strategy and provide tactics to minimize risk in delivered software.
Read article >
SonarQube 10.4 Release Announcement
The SonarQube 10.4 release includes some exciting changes that show the benefit of Clean Code and the Clean as You Code methodology. Scan times are faster and connecting to SonarLint is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.
Read article >
Pitfalls of Desanitization: Leaking Customer Data from osTicket
The dangerous Desanitization pattern led to an XSS vulnerability in the open-source helpdesk software osTicket, which can be used to leak customer data.
Read article >
Juliet C# Benchmark and the SecureString case
Juliet C# is a project from the National Institute of Standards and Technology of the USA. As a security benchmark project, we used Juliet C# 1.3 to test and improve our C# analyzer. Here is a glimpse of the work we did around Juliet and some of its test cases related to the SecureString .NET type.
Read article >
Who are you? The Importance of Verifying Message Origins
This blog post highlights the importance of verifying the origin of JavaScript message events and outlines the potential impact of omitting this by detailing two critical vulnerabilities in the Squidex application.
Read article >