Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
How code vulnerabilities in your web application can be the single point of failure for your IT infrastructure’s security.
Blog post

Pandora FMS 742: Critical Code Vulnerabilities Explained

How code vulnerabilities in your web application can be the single point of failure for your IT infrastructure’s security.

Read Blog post >

When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easie...
Blog post

False positives are our enemies, but may still be your friends

When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easier than fixing it. Learn how the different types of rules give rise to different types of false positives, which ones are easier to fix than others, and how you can help.

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Image shows various elements of code security, languages and bugs
Blog post

Codoforum 4.8.7: Critical Code Vulnerabilities Explained

We analyze the root cause of three critical security vulnerabilities that enabled a complete board take over, and how to correctly prevent these in your code.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

About the recent code leaks from SonarQube instances

On July 27th 2020 we learned through media coverage that Till Kottmann was able to access non open-source source code from various companies. This is our public response to the incident.

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Take Control of Code Quality with SonarQube Pull Request Decoration in Your Workflow

How do you write super clean code without disrupting your workflow? Join me as I show you how SonarQube Pull Request Decoration gets you there!

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Apache Kylin 3.0.1 Command Injection Vulnerability

We discovered a severe command injection vulnerability in Apache Kylin that allows malicious users to execute arbitrary OS commands.

Read Blog post >

Teams will be joining forces in building best-in-class Static Application Security Testing (SAST) products that help development teams and organizations deliver more secure software.
Blog post

SonarSource acquires RIPS Technologies

Teams will be joining forces in building best-in-class Static Application Security Testing (SAST) products that help development teams and organizations deliver more secure software.

Read Blog post >

Hibernate is among one of the most commonly found database libraries used in Java web applications, shipping with its own query language. This technical post will teach you how to detect ...
Blog post

Exploiting Hibernate Injections

Hibernate is among one of the most commonly found database libraries used in Java web applications, shipping with its own query language. This technical post will teach you how to detect and exploit Hibernates very own vulnerability: The HQL Injection.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/9e3545dc-b15f-4293-b591-1df3761cfd2d/body-1a08fe56-2df2-46b9-b433-22157ef1940f_taintAnalysis1.png
Blog post

What is 'taint analysis' and why do I care?

In large systems, finding the bad actors is easier said than done. First you have to find all the places you accept data from users, and then you have to sanitize the data before you use it. The hard part is making sure you've found all the sources of user data and intervened before any kind of use. That's where taint analysis comes in.

Read Blog post >

This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress c...
Blog post

WordPress <= 5.2.3: Hardening Bypass

This blog post details an authenticated Remote Code Execution (RCE) vulnerability in the WordPress core that bypasses hardening mechanisms. The vulnerability is present in the WordPress core in versions prior to 5.2.4

Read Blog post >

Image shows various elements of code security, languages and bugs
Blog post

Clean as You Code: How to win at Code Quality without even trying

Analyzing a legacy project can be overwhelming. Learn how to Clean as You Code to make sure that the code you release into production tomorrow is at least as good as - and probably better than! - the code that's in production today.

Read Blog post >