Sonar

Founded in 2008. Privately Held.

Clean code tools.

Blog posts published by month since the start of

358 total blog posts published.

Blog content

post title author published words HN
A C&C++ tour of SonarLint for VS Code Abbas Sabra and Geoffray Adde May. 03, 2022 534 -
A Look Back at KubeCon 2022 Clint Cameron Nov. 10, 2022 507 -
Already 158 Checkstyle and PMD rules deprecated by SonarQube Java rules Freddy Mallet Oct. 03, 2013 415 -
Compilation database: An alternative way to configure your C or C++ analysis Loïc Joly Aug. 24, 2021 1915 -
Apache Kylin 3.0.1 Command Injection Vulnerability Johannes Dahse Jun. 01, 2020 983 -
Bad code costs more than just your money Liz Ryan Oct. 13, 2022 182 -
Beyond the Rules of Three, Five and Zero Phil Nash Oct. 26, 2022 1712 -
Bitbucket 6.1.1 Path Traversal to RCE Johannes Dahse Sep. 03, 2019 999 -
Bits from Hexacon 2022 Thomas Chauchefoin Oct. 25, 2022 1047 -
Remote Code Execution via Prototype Pollution in Blitz.js Paul Gerste Jul. 12, 2022 2126 -
Breaking the SonarQube Analysis with Jenkins Pipelines Julien Henry Apr. 19, 2017 430 -
Broken pipelines for everyone! Christophe Havard Jun. 08, 2021 581 -
Bugs and Vulnerabilities are 1st Class Citizens in SonarQube Quality Model along with Code Smells G. Ann Campbell Jun. 02, 2016 460 -
Cachet 2.4: Code Execution via Laravel Configuration Injection Thomas Chauchefoin Sep. 21, 2021 1643 -
Cacti: Unauthenticated Remote Code Execution Stefan Schiller Jan. 03, 2023 1450 -
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) Stefan Schiller Nov. 01, 2022 2513 -
Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3) Stefan Schiller Nov. 08, 2022 2797 -
Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3) Stefan Schiller Nov. 15, 2022 2032 -
CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained Dennis Brinkrolf Jun. 21, 2021 1745 -
Clean as You Code: How to win at Code Quality without even trying G. Ann Campbell Jan. 20, 2020 993 -
Clean As You Code essentials - What are Quality Profiles and Quality Gates? Clint Cameron Jul. 21, 2021 1946 -
Code Security Advent Calendar 2020 Johannes Dahse Nov. 26, 2020 499 -
Code Security Advent Calendar 2021 Thomas Chauchefoin Nov. 29, 2021 525 -
Code Security Advent Calendar 2022 Paul Gerste Nov. 29, 2022 632 -
Code security: now there's a tool for developers G. Ann Campbell Dec. 11, 2020 393 -
Code Vulnerabilities in NSA Application Revealed Dennis Brinkrolf Apr. 06, 2021 1346 -
Codoforum 4.8.7: Critical Code Vulnerabilities Explained Dennis Brinkrolf Aug. 25, 2020 1959 -
Cognitive Complexity, Because Testability != Understandability G. Ann Campbell Dec. 07, 2016 1069 -
Common TypeScript Issues Nº 5: Optional property declarations Phil Nash Jan. 30, 2023 661 -
CTF Writeup: Complex Drupal POP Chain Simon Scannell Jan. 29, 2019 6 -
Crafting regexes to avoid stack overflows Sebastian Hungerecker Feb. 23, 2021 881 -
CubeCart 6.1.12 - Admin Authentication Bypass Robin Peraglie Jan. 17, 2018 1166 -
Customizing Sonar to Fit Your Needs Olivier Gaudin Apr. 26, 2013 545 -
Detect Dead Code and Calls to Deprecated Methods with Sonar Squid Freddy Mallet May. 26, 2010 401 -
What I learned from using SonarQube for the first time Sonar Dec. 01, 2022 1624 -
Differentials: Four ways to see what's changed G. Ann Campbell Jun. 12, 2013 769 -
Disclosing information with a side-channel in Django Dennis Brinkrolf Jul. 26, 2022 3247 -
Discussing Cyclomatic Complexity Olivier Gaudin Dec. 17, 2008 532 -
Doing More with Less in Uncertain Times Bruce Herbert Nov. 18, 2022 571 -
dotCMS 5.1.5: Exploiting H2 SQL injection to RCE Sonar Jun. 25, 2019 908 -
Drive By RCE Exploit in Pimcore 6.2.0 Robin Peraglie Oct. 21, 2019 759 -
Analysis of Visual Studio Solutions with the SonarQube Scanner for MSBuild Sonar Nov. 19, 2015 644 -
Effective Code Review with Sonar Fabrice Bellingard Oct. 20, 2011 1071 -
elFinder - A Case Study of Web File Manager Vulnerabilities Thomas Chauchefoin Aug. 17, 2021 2949 -
Etherpad 1.8.13 - Code Execution Vulnerabilities Paul Gerste Jul. 13, 2021 1348 -
Everything's a component G. Ann Campbell Sep. 18, 2013 944 -
Why did my coverage just drop?! G. Ann Campbell Jan. 23, 2018 588 -
Exploiting Hibernate Injections Robin Peraglie Feb. 25, 2020 1300 -
False positives are our enemies, but may still be your friends Loïc Joly Sep. 15, 2020 2204 -
Five SonarCloud features for developers that want Clean Code Thomas Olivier Oct. 06, 2022 1317 -
Fully Automated Promotion Pipelines with SonarQube and Artifactory Fabrice Bellingard Sep. 25, 2018 959 -
Ghost CMS 4.3.2 - Cross-Origin Admin Takeover Paul Gerste Aug. 31, 2021 1307 -
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD Simon Scannell Oct. 27, 2021 9 -
Agent 008: Chaining Vulnerabilities to Compromise GoCD Simon Scannell and Thomas Chauchefoin Nov. 11, 2021 2446 -
Grav CMS 1.7.10 - Code Execution Vulnerabilities Thomas Chauchefoin Jun. 01, 2021 1415 -
Hack the Stack with LocalStack: Code Vulnerabilities Explained Dennis Brinkrolf Mar. 02, 2021 1533 -
Horde Webmail 5.2.22 - Account Takeover via Email Simon Scannell Feb. 22, 2022 1508 -
Horde Webmail - Remote Code Execution via Email Simon Scannell May. 31, 2022 1278 -
How Clean Code Practices Help You Retain Your Development Talent Liz Ryan Jul. 28, 2021 734 -
How to enable your development team to deliver Clean Code? Thomas Olivier Dec. 08, 2022 1595 -
Clean Your Infrastructure Code with Sonar Clint Cameron Mar. 22, 2022 670 -
Import issues of your favorite linters in SonarCloud! Fabrice Bellingard Jun. 04, 2018 677 -
Interview with a SonarSource Developer Andrew Osborne Sep. 15, 2022 1134 -
My Journey Interviewing with SonarSource... Clint Cameron Aug. 21, 2018 564 -
Is 80% of code coverage any good ? Olivier Gaudin Oct. 29, 2008 331 -
Joomla! 3.8.3: Privilege Escalation via SQL Injection Karim El Ouerghemmi Feb. 06, 2018 685 -
Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection Robin Peraglie Sep. 20, 2017 884 -
Lesser spotted React mistakes: Hooked on a feeling Gabriel Vivas Oct. 20, 2022 1043 -
Lesser spotted React mistakes: What are we even rendering? Gabriel Vivas Jan. 05, 2023 1547 -
Lesser spotted React mistakes: Zombie methods Gabriel Vivas Nov. 28, 2022 1216 -
Level up your team's skills as they code Liz Ryan Jan. 10, 2023 621 -
Magento 2.3.1: Unauthenticated Stored XSS to RCE Simon Scannell Jul. 02, 2019 1725 -
Manage Duplicated Code with Sonar Evgeny Mandrikov Feb. 29, 2012 1219 -
Meet the new project experience for SonarCloud Thomas Olivier Oct. 21, 2021 631 -
Modernizing your code with C++20 Phil Nash Dec. 07, 2021 2111 -
Mono-repository support for Bitbucket Cloud now available for SonarCloud! Thomas Olivier Mar. 29, 2021 451 -
Mono-repository support for GitHub and Azure DevOps Services available now! Thomas Olivier Sep. 29, 2020 694 -
Evil Teacher: Code Injection in Moodle Robin Peraglie Jun. 12, 2018 1699 -
MyBB Remote Code Execution Chain Sonar Mar. 18, 2021 2019 -
MyBB <= 1.8.20: From Stored XSS to RCE Simon Scannell Jun. 11, 2019 1154 -
What is Phar Deserialization Johannes Dahse Aug. 14, 2018 610 -
NodeBB 1.18.4 - Remote Code Execution With One Shot Paul Gerste Nov. 30, 2021 1989 -
NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Grounds A Rocket Paul Gerste May. 18, 2021 2260 -
Securing Developer Tools: OneDev Remote Code Execution Paul Gerste Sep. 20, 2022 2364 -
Code vulnerabilities put health records at risk Dennis Brinkrolf Oct. 28, 2020 2053 -
OpenEMR - Remote Code Execution in your Healthcare System Dennis Brinkrolf Jan. 25, 2023 1695 -
osClass 3.6.1: Remote Code Execution via Image File Robin Peraglie Dec. 19, 2016 1060 -
Our journey toward accessibility Sonar Sep. 26, 2022 1000 -
Pandora FMS 742: Critical Code Vulnerabilities Explained Dennis Brinkrolf Sep. 22, 2020 1582 -
Path Traversal Vulnerabilities in Icinga Web Thomas Chauchefoin May. 10, 2022 1952 -
PHP Object Injection Simon Scannell Oct. 09, 2018 985 -
PHP Supply Chain Attack on Composer Thomas Chauchefoin Apr. 29, 2021 2016 -
PHP Supply Chain Attack on PEAR Thomas Chauchefoin Mar. 29, 2022 2057 -
phpBB 3.2.3: Phar Deserialization to RCE Simon Scannell Nov. 20, 2018 1123 -
The Power of Clean Code Olivier Gaudin Sep. 09, 2022 556 -
Product portals open: we want your input G. Ann Campbell Sep. 14, 2021 201 -
About the recent code leaks from SonarQube instances Olivier Gaudin Jul. 31, 2020 451 -
RainLoop Webmail - Emails at Risk due to Code Flaw Simon Scannell Apr. 19, 2022 1534 -
Regular expressions present challenges even for not-so-regular developers Sebastian Hungerecker Feb. 09, 2021 1157 -
Remote Code Execution in Melis Platform Karim El Ouerghemmi, Thomas Chauchefoin Oct. 18, 2022 1987 -
Reuse in Sonar unit test reports generated by other systems Olivier Gaudin Apr. 09, 2009 479 -
Review your security vulnerabilities in GitHub with code scanning alerts Thomas Olivier Feb. 24, 2022 507 -
Roundcube 1.2.2: Command Execution via Email Robin Peraglie Dec. 06, 2016 1087 -
How to disable XXE processing? Eric Therond Jan. 25, 2022 1003 -
Securing access to projects in Sonar Freddy Mallet Feb. 25, 2010 471 -
Securing Developer Tools: A New Supply Chain Attack on PHP Thomas Chauchefoin Oct. 04, 2022 2623 -
Securing Developer Tools: Argument Injection in Visual Studio Code Thomas Chauchefoin Aug. 23, 2022 1588 -
Securing Developer Tools: Git Integrations Thomas Chauchefoin Mar. 15, 2022 2282 -
Securing Developer Tools: Package Managers Paul Gerste Mar. 08, 2022 2762 -
Security Implications of URL Parsing Differentials Thomas Chauchefoin Aug. 08, 2022 1849 -
Setting the right (regex) boundaries is important Sebastian Hungerecker Feb. 16, 2021 1032 -
SmartStoreNET - Malicious Message leading to E-Commerce Takeover Thomas Chauchefoin Nov. 02, 2021 1625 -
Sonar @ Pwn2Own Toronto 2022 Thomas Chauchefoin Dec. 12, 2022 782 -
Sonar Streamlines the Race to Release Clint Cameron Aug. 30, 2022 1364 -
Sonar to identify security vulnerabilities Freddy Mallet Sep. 24, 2009 503 -
SonarAnalyzer for C#: The Rule Engine You Want to Use Sonar Sep. 01, 2016 589 -
SonarCFamily Now Supports ARM Compilers Massimo Paladin Jun. 15, 2017 375 -
Announcing the SonarCloud Pipe for Bitbucket Cloud users! Nicolas Bontoux Feb. 28, 2019 608 -
How SonarCloud finds bugs in high-quality Python projects Nicolas Harraudeau Nov. 03, 2020 917 -
Protect your code against injection vulnerabilities with SonarCloud! Alexandre Gigleux Jul. 10, 2018 363 -
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe Kirti Joshi Aug. 03, 2021 1052 -
Modernize Code Quality with ‘Quick Fixes’ Kirti Joshi Sep. 23, 2021 347 -
SonarQube 9.8 is here! Lauren Cranford Dec. 21, 2022 121 -
SonarQube 9.7 is here! Lauren Cranford Oct. 19, 2022 79 -
Make Code Quality & Security™ an integral part of your workflow Clint Cameron Nov. 10, 2020 1333 -
Enterprise-ready: Authentication & Authorization with SonarQube (LDAP, SSO & more) Nicolas Bontoux Jun. 28, 2021 1270 -
7 more reasons to upgrade to SonarQube 8.9 LTS Colin Mueller Jun. 15, 2021 1023 -
SonarQube 8.9 LTS: 3 steps to a smooth upgrade Brian Cipollone May. 05, 2021 967 -
Sonar’s analysis performance targets Alexandre Gigleux Jun. 07, 2022 966 -
SonarSource acquires RIPS Technologies Olivier Gaudin May. 13, 2020 896 -
SQALE, the ultimate Quality Model to assess Technical Debt Freddy Mallet Nov. 18, 2010 892 -
Backend SQL Injection in BigTree CMS 4.4.6 Robin Peraglie Nov. 05, 2019 1055 -
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services Simon Scannell and Niklas Breitfeld Oct. 19, 2021 1735 -
Supercharge your C++ analysis with SonarLint for CLion Phil Nash and Geoffray Adde Sep. 28, 2021 1528 -
My Support Engineer Journey at SonarSource Joe Tingsanchali Mar. 23, 2021 1334 -
Supporting analysis of .NET Core projects Duncan Pocklington Jan. 10, 2018 835 -
Develop Your Cloud Native Apps the Sustainable Way Clint Cameron Dec. 15, 2022 1196 -
Take Control of Code Quality with SonarQube Pull Request Decoration in Your Workflow Clint Cameron Jul. 27, 2020 1050 -
The Hidden Flaws of Archives in Java Sonar May. 29, 2019 616 -
The NeverEnding Story of writing a rule for argument passing in C++ Loïc Joly May. 15, 2019 3012 -
The Rules of Three, Five and Zero Phil Nash Oct. 11, 2022 1510 -
Three options for pre-commit analysis G. Ann Campbell Feb. 20, 2014 881 -
TYPO3 9.5.7: Overriding the Database to Execute Code Robin Peraglie Jul. 16, 2019 737 -
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them Eric Therond Jan. 18, 2022 14 -
Unit Test Execution in SonarQube G. Ann Campbell Aug. 06, 2014 390 -
Use 3rd-party plugins at your own risk G. Ann Campbell Aug. 10, 2021 1145 -
Using quality profiles in Sonar Olivier Gaudin Mar. 05, 2009 542 -
Vulnerability Research Highlights 2021 Johannes Dahse Jan. 05, 2022 1179 -
Vulnerability Research Highlights 2022 Johannes Dahse Jan. 11, 2023 1709 -
Water Leak Changes the Game for Technical Debt Management Olivier Gaudin Jul. 03, 2015 1000 -
We Are Adjusting Rules Severities G. Ann Campbell Sep. 08, 2016 399 -
What is 'taint analysis' and why do I care? G. Ann Campbell Feb. 10, 2020 679 -
What makes Checkstyle, PMD, Findbugs and Macker complementary ? Olivier Gaudin Feb. 19, 2009 694 -
What to expect from JavaScript/TypeScript analysis on OWASP JuiceShop Alexandre Gigleux May. 12, 2021 725 -
Scaling Clean Code Across the Enterprise Bruce Herbert Dec. 06, 2022 886 -
Why mail() is dangerous in PHP Robin Peraglie May. 03, 2017 1220 -
Why You Shouldn't Use Build Breaker Olivier Gaudin Feb. 25, 2016 760 -
Winning the race against TOCTOU vulnerabilities in C & C++ G. Ann Campbell Oct. 07, 2020 502 -
WooCommerce 3.6.4 - CSRF Bypass to Stored XSS Dennis Brinkrolf Oct. 08, 2019 839 -
WordPress Core - Unauthenticated Blind SSRF Simon Scannell and Thomas Chauchefoin Sep. 06, 2022 1630 1
WordPress 5.1 CSRF to Remote Code Execution Simon Scannell Mar. 13, 2019 1443 -
WordPress File Delete to Code Execution Karim El Ouerghemmi Jun. 26, 2018 1339 -
WordPress <= 5.2.3: Hardening Bypass Simon Scannell Jan. 21, 2020 710 -
WordPress 5.0.0 Remote Code Execution Simon Scannell Feb. 19, 2019 2106 -
WordPress < 5.8.3 - Object Injection Vulnerability Simon Scannell Feb. 08, 2022 1979 -
WordPress Privilege Escalation through Post Types Simon Scannell Dec. 17, 2018 1893 -
WordPress 5.8.2 Stored XSS Vulnerability Karim El Ouerghemmi Jan. 11, 2022 1762 -
WordPress 5.7 XXE Vulnerability Karim El Ouerghemmi Apr. 27, 2021 1788 -
You’re 3 minutes away from clean Java pull requests! Thomas Olivier Sep. 01, 2022 670 -
Zabbix - A Case Study of Unsafe Session Storage Thomas Chauchefoin Feb. 16, 2022 2351 -
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection Simon Scannell Jun. 14, 2022 2727 -
Unrar Path Traversal Vulnerability affects Zimbra Mail Simon Scannell Jun. 28, 2022 2122 -
Zimbra 8.8.15 - Webmail Compromise via Email Simon Scannell Jul. 27, 2021 1525 -
5 things to consider in performance comparisons G. Ann Campbell Mar. 01, 2022 929 -
10 Unknown Security Pitfalls for Python Dennis Brinkrolf Nov. 16, 2021 2561 -
Increase developer velocity today with Clean as You Code Liz Ryan Feb. 16, 2023 845 -
We are Sonar! Marisa Davis Feb. 14, 2023 736 -
Common TypeScript Issues Nº 4: Don't create and drop objects immediately Phil Nash Feb. 07, 2023 674 -
Common TypeScript Issues Nº 3: unused local variables and functions Phil Nash Feb. 20, 2023 896 -
Clean Code: The Best Approach to Writing Secure Cloud Native Apps Clint Cameron Feb. 21, 2023 310 -
Empowering weak primitives: file truncation to code execution with Git Thomas Chauchefoin Feb. 27, 2023 1042 -
Common TypeScript Issues Nº 2: non-empty statements Phil Nash Mar. 01, 2023 926 -
SonarQube LTS Upgrade Checklist Brian Cipollone Mar. 06, 2023 912 -
Celebrating International Women's Day with the women of Sonar Liz Ryan Mar. 08, 2023 2577 -
Common TypeScript Issues Nº 1: assignments within sub-expressions Phil Nash Mar. 08, 2023 895 -
9 more reasons to upgrade to SonarQube 9.9 LTS Colin Mueller Mar. 13, 2023 1021 -
Cloud native features in SonarQube 9.9 LTS Clint Cameron Mar. 16, 2023 488 -
The top 5 common TypeScript issues found by SonarLint Phil Nash Mar. 20, 2023 615 -
Your Guide to Clean Code in Cloud Native Apps Clint Cameron Mar. 23, 2023 306 -
Sonar is the Clean Code solution for your DevOps workflow Liz Ryan Mar. 28, 2023 1055 -
It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS Stefan Schiller Mar. 29, 2023 1704 -
Announcing SonarQube 10.0 Kirti Joshi Apr. 04, 2023 257 -
How bad code destroys developer velocity Liz Ryan Apr. 05, 2023 176 -
Another 9 reasons to upgrade to SonarQube 9.9 LTS Colin Mueller Apr. 05, 2023 1074 -
Pretalx Vulnerabilities: How to get accepted at every conference Stefan Schiller Apr. 12, 2023 1786 -
Sonar ❤️ Compiler Explorer: Write clean C++ code inside your browser Fred Tingaud Apr. 16, 2023 1312 -
Interview with Sonar Python Developers Part 1 Andrew Osborne Apr. 17, 2023 1439 -
Odoo: Get your Content Type right, or else! Dennis Brinkrolf, Thomas Chauchefoin Apr. 24, 2023 1849 -
Interview with Sonar Python Developers Part 2 Andrew Osborne Apr. 25, 2023 1044 -
Reflections from DevNexus, the largest Java conference in the U.S.A. Jonathan Vila Lopez Apr. 30, 2023 670 -
Weird Python: 5 Unexpected Behaviors in the Python Interpreter Quazi Nafiul Islam May. 01, 2023 988 -
Why SonarQube 9.9 LTS is a must-have for Python developers Colin Mueller May. 04, 2023 1546 -
CNCF Silver membership Jonathan Vila May. 04, 2023 183 -
ES2023 introduces new array copying methods to JavaScript Phil Nash May. 10, 2023 1332 1
Is Clean Code the solution to Jupyter notebook code quality? Andrew Osborne May. 10, 2023 1481 -
SonarCloud or SonarQube? - Guidance on Choosing One for Your Team Clint Cameron May. 15, 2023 1233 -
Pimcore: One click, two security vulnerabilities Yaniv Nizry May. 15, 2023 1577 -
SonarLint supports Go analysis! Andrew Osborne May. 17, 2023 570 -
Sonar and HashiCorp Partner to Deliver Clean Terraform Code & Good Vibes Clint Cameron May. 23, 2023 580 -
Reflections from OffensiveCon 2023 Thomas Chauchefoin May. 24, 2023 1012 -
Hands on with the Node.js test runner Phil Nash May. 30, 2023 2099 1
Why SonarQube 9.9 LTS is a must-have for Java developers Colin Mueller Jun. 01, 2023 2003 -
What Mr. Miyagi can teach you about writing Clean Code Liz Ryan Jun. 06, 2023 862 -
Sonar at JSNation 2023 in Amsterdam Gabriel Vivas Jun. 08, 2023 676 -
Smarter Together: Fostering a culture of collaboration and growth at Sonar Marisa Davis Jun. 14, 2023 851 -
SonarQube 10.1 release announcement Kirti Joshi Jun. 21, 2023 208 -
Why SonarQube 9.9 LTS is a must-have for JavaScript and TypeScript Developers Colin Mueller Jun. 22, 2023 1357 -
Why ORMs and Prepared Statements Can't (Always) Win Thomas Chauchefoin Jun. 26, 2023 2037 -
TyphoonCon 2023 Wrap Up Thomas Chauchefoin Jun. 29, 2023 586 -
TROOPERS 2023 Conference Takeaways Stefan Schiller Jul. 05, 2023 886 -
Why SonarQube 9.9 LTS is a must-have for PHP Developers Colin Mueller Jul. 13, 2023 978 -
How Sonar Developer Advocates got started in their careers Liz Ryan Jul. 18, 2023 1837 -
New Research from Sonar on Cost of Technical Debt Manish Gupta Jul. 19, 2023 592 -
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State Stefan Schiller Jul. 19, 2023 1697 -
Working with Multiple Code Variants in C++ Phil Nash Aug. 03, 2023 1194 -
WeAreDevelopers 2023 - what did you miss? Andrew Osborne Aug. 10, 2023 620 -
No, C++ static analysis does not have to be painful Geoffray Adde Aug. 13, 2023 1452 -
Patches, Collisions, and Root Shells: A Pwn2Own Adventure Paul Gerste, Thomas Chauchefoin, Stefan Schiller Aug. 14, 2023 1793 -
What is deeper SAST in JavaScript? Phil Nash Aug. 17, 2023 1059 -
BlackHat 2023: Hackers, Casinos, and an Exciting Announcement Kirti Joshi | Thomas Chauchefoin Aug. 18, 2023 834 -
Playing Dominos with Moodle's Security (1/2) Yaniv Nizry Aug. 21, 2023 1114 -
Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress Alexandre Gigleux Aug. 20, 2023 793 -
Playing Dominos with Moodle's Security (2/2) Yaniv Nizry Aug. 28, 2023 1522 -
Code Vulnerabilities Put Proton Mails at Risk Paul Gerste Sep. 04, 2023 3509 4
Introducing SonarQube 10.2: Setting New Standards in Code Quality and Security Bianka Banova Sep. 06, 2023 1210 -
Get the benefits of TypeScript in your JavaScript Phil Nash Sep. 07, 2023 1552 -
Security Guy TV Interview - Going Deeper with SAST and Clean Code Katie Hyman Sep. 08, 2023 2129 -
Code Vulnerabilities Put Skiff Emails at Risk Paul Gerste Sep. 12, 2023 1934 -
Typing your JavaScript without writing TypeScript Phil Nash Sep. 13, 2023 617 -
Enhancing Software Development Practices through SonarQube: A Path to Continuous Learning Hannah Zimmerman Sep. 14, 2023 566 -
The new JDK LTS is out! Long live JDK 21! Jonathan Vila Sep. 19, 2023 953 -
Remote Code Execution in Tutanota Desktop due to Code Flaw Paul Gerste Sep. 20, 2023 2741 2
5 Clean Code Tips for Reducing Cognitive Complexity John Clifton Sep. 22, 2023 532 -
Open Source Summit 2023 Jonathan Vila Sep. 26, 2023 473 -
Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity Stefan Schiller Sep. 26, 2023 1536 1
Sonar's Scoring on the Top 3 Java SAST Benchmarks Alexandre Gigleux Sep. 26, 2023 824 -
Unzipping Dangers: OpenRefine Zip Slip Vulnerability Stefan Schiller Sep. 27, 2023 1276 -
A comprehensive guide to the dangers of Regular Expressions in JavaScript Phil Nash Sep. 28, 2023 2901 3
Why I’m passionate about Static Analysis and how I helped make it better Abbas Sabra Oct. 02, 2023 2212 -
ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code Katie Hyman Oct. 05, 2023 1975 -
Interview with Sonar Java Enthusiasts Tony Graham Oct. 09, 2023 1948 -
Java SAST Benchmarks: why you shouldn't trust them blindly Pierre-Loup Tristant Oct. 11, 2023 1111 -
Security Vulnerabilities in CasaOS Thomas Chauchefoin Oct. 17, 2023 2087 -
What is Clean Code? Gabriel Vivas Oct. 18, 2023 1552 -
Highlights from Hexacon 2023 Stefan Schiller Oct. 18, 2023 817 -
Shifting Right for Secure Platforms and DevOps Ben Dechrai Oct. 25, 2023 1430 -
9 Steps to get the most out of your SonarCloud Trial Zoe Bell Nov. 07, 2023 1684 -
Linux Foundation Chat: Open Source & Clean Code Katie Hyman Nov. 07, 2023 300 -
Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3) Thomas Chauchefoin, Paul Gerste Nov. 07, 2023 3389 -
Sonar's Scoring on the Top 3 C# SAST Benchmarks Alexandre Gigleux Nov. 07, 2023 704 -
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3) Paul Gerste Nov. 14, 2023 2378 -
SonarQube 10.3 Release Announcement Robert Curlee Nov. 15, 2023 503 -
Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3) Thomas Chauchefoin, Paul Gerste Nov. 20, 2023 1748 -
Top issues in Java projects Jonathan Vila Sep. 26, 2023 971 -
Sonar is “On the Radar”: New Omdia Report Katie Hyman Nov. 29, 2023 453 -
Sonar keeps your secrets from leaking … unlike that "trusted" friend from grade school Alexandre Gigleux Nov. 07, 2023 653 -
Unraveling the Costs of Bad Code in Software Development Liz Ryan Dec. 05, 2023 611 -
Stop nesting ternaries in JavaScript Phil Nash Dec. 07, 2023 1299 2
Spring framework pitfalls Jonathan Vila Dec. 11, 2023 1252 -
pfSense Security: Sensing Code Vulnerabilities with SonarCloud Oskar Zeino-Mahmalat Dec. 11, 2023 2177 3
Sonar @ Black Hat Europe! Thomas Chauchefoin Dec. 13, 2023 699 -
2024 Security Predictions from the Sonar Research Team Johannes Dahse Dec. 14, 2023 621 -
2024 DevOps Predictions from the Sonar Developer Advocate Team Peter McKee Dec. 21, 2023 910 -
AI-Generated Code Demands ‘Trust, But Verify’ Approach to Software Development Tariq Shaukat Apr. 11, 2024 1389 -
C# Logging Best Practices with .NET Denis Troller Apr. 10, 2024 2561 -
Apache Dubbo Consumer Risks: The Road Not Taken Yaniv Nizry Apr. 01, 2024 1633 -
Ensuring the right usage of Java 21 new features Jonathan Vila Apr. 01, 2024 1510 -
Technical debt’s impact on development speed and code quality Bianka Banova Mar. 27, 2024 831 -
DORA Compliance for Financial Entities: leveraging Sonar solutions to ensure code security by design Adam Surdy Mar. 22, 2024 933 -
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices Paul Gerste Mar. 21, 2024 2210 -
__dirname is back in Node.js with ES modules Phil Nash Mar. 21, 2024 911 3
#CleanCodeTips: Unlock Your Coding Potential Peter McKee Mar. 12, 2024 830 -
Reply to calc: The Attack Chain to Compromise Mailspring Yaniv Nizry Mar. 11, 2024 1684 -
Are You Ready For PCI DSS 4.0? Robert Curlee Mar. 11, 2024 949 -
Increase readability with Java's Pattern Matching Jonathan Vila Mar. 04, 2024 638 1
OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways Stefan Schiller Feb. 29, 2024 1945 -
White House emphasizes need for proactive coding practices to counter cyber attacks Harry Wang Feb. 29, 2024 782 -
Sonar Reaffirms Strength of its Information Security Management Systems by Earning The Latest ISO Certification, ISO27001:2022 Andrea Malagodi Feb. 27, 2024 349 -
How timely delivery comes from transparent outsourced software development communication Liz Ryan Feb. 27, 2024 1000 -
Builders, Withers, and Records - Java’s path to immutability Jonathan Vila Feb. 21, 2024 927 -
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities Stefan Schiller Feb. 20, 2024 1259 -
Union, intersection, difference, and more are coming to JavaScript Sets Phil Nash Feb. 15, 2024 1280 115
Write cleaner React code with SonarQube 10.4 Phil Nash Feb. 13, 2024 1163 -
Introducing the new Sonar Web API V2 Aurélien Poscia Feb. 08, 2024 935 -
Building the foundation for a strong AI future Harry Wang Feb. 08, 2024 466 -
5 Risks of Outsourcing Software Development and How to Avoid Them Liz Ryan Feb. 07, 2024 1281 -
SonarQube 10.4 Release Announcement Robert Curlee Feb. 06, 2024 665 -
Pitfalls of Desanitization: Leaking Customer Data from osTicket Oskar Zeino-Mahmalat Feb. 06, 2024 1991 -
Juliet C# Benchmark and the SecureString case Gaëtan Ferry Feb. 01, 2024 1413 -
Who are you? The Importance of Verifying Message Origins Stefan Schiller Jan. 28, 2024 1203 -
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins Yaniv Nizry Jan. 24, 2024 1464 1
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows Denis Troller Jan. 23, 2024 963 -
Lessons learned upgrading to React 18 in SonarQube Phil Nash Jan. 17, 2024 1212 -
Vulnerability Research Highlights 2023 Stefan Schiller Jan. 03, 2024 1572 -
Sonar's Scoring on the Top 3 Python SAST Benchmarks Alexandre Gigleux Dec. 28, 2023 442 -
Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024 Fabrice Bellingard Jun. 20, 2024 542 -
Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages Paul Gerste Jun. 17, 2024 1978 -
Integrating SonarCloud with Amazon CodeCatalyst for Code Analysis Manish Kapur Jun. 10, 2024 668 -
An Open Letter to Sonar[Qube] Users Lynne Doherty Jun. 06, 2024 558 -
mXSS: The Vulnerability Hiding in Your Code Yaniv Nizry May. 27, 2024 2965 1
Sonar Named Leader in G2 Spring Report Zoe Bell May. 20, 2024 331 -
Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar Johannes Dahse May. 15, 2024 1054 -
Parallel Code Security: The Challenge of Concurrency Stefan Schiller May. 14, 2024 2946 -
Code Interoperability: The Hazards of Technological Variety Stefan Schiller May. 07, 2024 3428 -
Leveraging SonarQube, SonarCloud, and SonarLint for Effective Shift Left Practices Manish Kapur May. 01, 2024 1240 -
Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis Tony Graham Apr. 30, 2024 876 -
Legacy Codebases are a DevOps Issue Ben Dechrai Apr. 18, 2024 1346 -
SonarQube 10.5 Release Announcement Robert Curlee Apr. 16, 2024 415 -
Dangerous Import: SourceForge Patches Critical Code Vulnerability Stefan Schiller Apr. 16, 2024 1192 -
Sonar Named a Leader in G2 Grid Report for Sixteenth Consecutive Quarter Zoe Bell Jul. 23, 2024 420 -
Uncovering hidden security vulnerabilities with deeper SAST Johannes Dahse Aug. 08, 2023 1507 -
AutoConfig: C++ Code Analysis Redefined Abbas Sabra Jul. 17, 2024 1143 -
SonarQube 10.6 Release Announcement Robert Curlee Jun. 25, 2024 601 -
Pre-Auth Takeover of OXID eShops Robin Peraglie Jul. 28, 2019 715 -
LimeSurvey 2.72.3 - Persistent XSS to Code Execution Robin Peraglie Apr. 09, 2018 567 -
Announcing SonarQube 9.9 LTS! Kirti Joshi Feb. 07, 2023 744 -
What Code Issues Caused the CrowdStrike Outage? Sonar Jul. 25, 2024 1229 -
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2) Thomas Chauchefoin, Paul Gerste Jul. 09, 2024 2344 -
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail Oskar Zeino-Mahmalat Aug. 05, 2024 580 -
A Salesmans Code Execution: PrestaShop 1.7.2.4 Robin Peraglie May. 06, 2018 676 -
Using and Understanding SonarQube for Code Coverage Manish Kapur Jul. 08, 2024 1093 -
[ON DEMAND] Watch Sonar Founder Olivier Gaudin Break Down the Need for and Impact of Clean Code at QCon London 2024 Arden Gonzales Aug. 15, 2024 743 -
SugarCRM's Security Diet - Multiple Vulnerabilities Robin Peraglie Sep. 13, 2017 863 -
Encoding Differentials: Why Charset Matters Stefan Schiller Jul. 15, 2024 2136 3
WordPress Design Flaw Leads to WooCommerce RCE Simon Scannell Nov. 05, 2018 918 -
Now Introducing, SonarCloud Enterprise and SonarCloud Team Andrew Osborne Jul. 31, 2024 692 -
SuiteCRM 7.11.4 - Breaking Into Your Internal Network Robin Peraglie Aug. 19, 2019 878 -
The True Cost of Bad Code in Software Development Liz Ryan Jun. 27, 2024 678 -
Deliver high-quality ASP.NET Core web apps with Sonar. Denis Troller Jul. 24, 2024 1121 -
Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire Stefan Schiller Aug. 13, 2024 1357 -
How security flaws in PHP's core can affect your application Johannes Dahse Jul. 19, 2017 846 -
Shopware 5.3.3: PHP Object Instantiation to Blind XXE Karim El Ouerghemmi Nov. 07, 2017 999 -
How Sonar Helps Meeting NIST SSDF Code Security Requirements Robert Curlee Aug. 07, 2024 679 -
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2) Thomas Chauchefoin, Paul Gerste Jul. 02, 2024 2279 2
How to Choose an LLM in Software Development Manish Kapur Aug. 27, 2024 1687 -
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities Yaniv Nizry Sep. 02, 2024 1268 -
How can Sonar help with ISO 27001 compliance? Mark Clements Sep. 03, 2024 684 -
Top security flaws hiding in your code - and how to fix them Jonathan Vila Sep. 09, 2024 1311 -
Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix Manish Kapur Oct. 03, 2024 751 -
Building Confidence and Trust in AI-Generated Code Manish Kapur Oct. 03, 2024 930 -
SonarQube 10.7 Release Announcement Robert Curlee Oct. 04, 2024 759 -
Announcing Sonar's Support for Dart: Elevate Your Code Quality Andrew Osborne Oct. 07, 2024 710 -
Why Code Security Matters - Even in Hardened Environments Stefan Schiller Oct. 08, 2024 2681 -
The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator Stefan Schiller Oct. 22, 2024 1401 -
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail Yaniv Nizry Nov. 05, 2024 1835 -
Our commitment to you – and an update on severity ratings for software quality Tom Howlett Nov. 13, 2024 708 -
How to Trust AI Contributions to Your Codebase Anirban Chatterjee Nov. 14, 2024 1319 -
A better (free) SonarQube experience Fabrice Bellingard Nov. 19, 2024 717 -

By Matt Makai. 2021-2024.