Sonar Blog

Home

BLOG

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance

Read More
https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/0bd6c0bc-c921-485b-8570-8de7e1384983/AI%20Code%20Assurance_square-index%402x.png
We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.
Blog post

Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)

We discovered multiple vulnerabilities in Checkmk, which can be chained together by an unauthenticated, remote attacker to fully take over a vulnerable server.

Read Blog post >

After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!
Blog post

Beyond the Rules of Three, Five and Zero

After examining the Rules of Three, Five, and Zero, part 2 of this series looks at the exceptions that prove the rule(s). Some of them may surprise you (no, really)!

Read Blog post >

Get new blogs delivered directly to your inbox!

Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.

By submitting this form, you agree to the storing and processing of your personal data as described in the Privacy Policy and Cookie Policy. You can withdraw your consent by unsubscribing at any time.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!
Blog post

Bits from Hexacon 2022

Our AppSec and Vulnerability Research teams had a great time at Hexacon 2022, here's what we enjoyed!

Read Blog post >

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting ...
Blog post

Lesser spotted React mistakes: Hooked on a feeling

This series is dedicated to the small, but common pitfalls and errors you can encounter when writing React code. Whether an experienced JavaScript | TypeScript developer or just starting out, the results can be surprising.

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/91219eab-8901-4331-a736-11e913911084/hero%402x.jpg
Blog post

SonarQube 9.7 is here!

Check out what’s new in SonarQube 9.7 in this quick video.

Read Blog post >

We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its e...
Blog post

Remote Code Execution in Melis Platform

We come back on a critical deserialization vulnerability identified by our SAST engine in the software Melis Platform. Let’s look at how it works under the hood and how we confirmed its exploitability.

Read Blog post >

Bad code doesn’t just disappear and the consequences of overlooking it can be costly. 
Blog post

Bad code costs more than just your money

Bad code doesn’t just disappear and the consequences of overlooking it can be costly. 

Read Blog post >

The Rule of Three was coined back in 1991. That expanded to the Rule of Five with C++11's move semantics - and even that was then subsumed by The Rule of Zero. But what are all these rule...
Blog post

The Rules of Three, Five and Zero

The Rule of Three was coined back in 1991. That expanded to the Rule of Five with C++11's move semantics - and even that was then subsumed by The Rule of Zero. But what are all these rules? And do we have to follow them?

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/df8129f1-a500-413f-83e5-f954486d9ae6/Five%20Key%20Features%20of%20SonarCloud_blog%20header.png
Blog post

Five SonarCloud features for developers that want Clean Code

Whether you’re working on a new project or an existing one, you might think of Clean Code as an ideal, somewhere far out of reach. Let’s go over 5 key features that make SonarCloud the perfect tool for developers and development teams to deliver Clean Code consistently and efficiently, without disrupting the existing development workflow.

Read Blog post >

What is your worst supply chain nightmare and why is it somebody that could take over all the PHP packages at once? Let's deep dive into how we could demonstrate it!
Blog post

Securing Developer Tools: A New Supply Chain Attack on PHP

What is your worst supply chain nightmare and why is it somebody that could take over all the PHP packages at once? Let's deep dive into how we could demonstrate it!

Read Blog post >

https://assets-eu-01.kc-usercontent.com:443/093b835c-5333-0132-0526-5bdca2623961/9b48b8b7-1632-4607-8321-bc8d583524af/SonarQube%20Accessibility_Banner_%402x.png
Blog post

Our journey toward accessibility

When you think about your typical workday, how much time do you spend working on a computer? How hard would it be for you to perform your job if you did not have access to a computer?

Read Blog post >