| A C&C++ tour of SonarLint for VS Code |
Abbas Sabra and Geoffray Adde |
May 03, 2022 |
534 |
- |
| A Look Back at KubeCon 2022 |
Clint Cameron |
Nov 10, 2022 |
507 |
- |
| Compilation database: An alternative way to configure your C or C++ analysis |
Loïc Joly |
Aug 24, 2021 |
1915 |
- |
| Apache Kylin 3.0.1 Command Injection Vulnerability |
Johannes Dahse |
Jun 01, 2020 |
983 |
- |
| Bad code costs more than just your money |
Liz Ryan |
Oct 13, 2022 |
182 |
- |
| Beyond the Rules of Three, Five and Zero |
Phil Nash |
Oct 26, 2022 |
1712 |
- |
| Bitbucket 6.1.1 Path Traversal to RCE |
Johannes Dahse |
Sep 03, 2019 |
999 |
- |
| Bits from Hexacon 2022 |
Thomas Chauchefoin |
Oct 25, 2022 |
1047 |
- |
| Remote Code Execution via Prototype Pollution in Blitz.js |
Paul Gerste |
Jul 12, 2022 |
2126 |
- |
| Breaking the SonarQube Analysis with Jenkins Pipelines |
Julien Henry |
Apr 19, 2017 |
430 |
- |
| Broken pipelines for everyone! |
Christophe Havard |
Jun 08, 2021 |
581 |
- |
| Bugs and Vulnerabilities are 1st Class Citizens in SonarQube Quality Model along with Code Smells |
G. Ann Campbell |
Jun 02, 2016 |
460 |
- |
| Cachet 2.4: Code Execution via Laravel Configuration Injection |
Thomas Chauchefoin |
Sep 21, 2021 |
1643 |
- |
| Cacti: Unauthenticated Remote Code Execution |
Stefan Schiller |
Jan 03, 2023 |
1450 |
- |
| Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) |
Stefan Schiller |
Nov 01, 2022 |
2513 |
- |
| Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3) |
Stefan Schiller |
Nov 08, 2022 |
2797 |
- |
| Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3) |
Stefan Schiller |
Nov 15, 2022 |
2032 |
- |
| CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained |
Dennis Brinkrolf |
Jun 21, 2021 |
1745 |
- |
| Clean as You Code: How to win at Code Quality without even trying |
G. Ann Campbell |
Jan 20, 2020 |
993 |
- |
| Clean As You Code essentials - What are Quality Profiles and Quality Gates? |
Clint Cameron |
Jul 21, 2021 |
1946 |
- |
| Code Security Advent Calendar 2020 |
Johannes Dahse |
Nov 26, 2020 |
499 |
- |
| Code Security Advent Calendar 2021 |
Thomas Chauchefoin |
Nov 29, 2021 |
525 |
- |
| Code Security Advent Calendar 2022 |
Paul Gerste |
Nov 29, 2022 |
632 |
- |
| Code security: now there's a tool for developers |
G. Ann Campbell |
Dec 11, 2020 |
393 |
- |
| Code Vulnerabilities in NSA Application Revealed |
Dennis Brinkrolf |
Apr 06, 2021 |
1346 |
- |
| Codoforum 4.8.7: Critical Code Vulnerabilities Explained |
Dennis Brinkrolf |
Aug 25, 2020 |
1959 |
- |
| Cognitive Complexity, Because Testability != Understandability |
G. Ann Campbell |
Dec 07, 2016 |
1069 |
- |
| Common TypeScript Issues Nº 5: Optional property declarations |
Phil Nash |
Jan 30, 2023 |
661 |
- |
| CTF Writeup: Complex Drupal POP Chain |
Simon Scannell |
Jan 29, 2019 |
6 |
- |
| Crafting regexes to avoid stack overflows |
Sebastian Hungerecker |
Feb 23, 2021 |
881 |
- |
| CubeCart 6.1.12 - Admin Authentication Bypass |
Robin Peraglie |
Jan 17, 2018 |
1166 |
- |
| What I learned from using SonarQube for the first time |
Sonar |
Dec 01, 2022 |
1624 |
- |
| Disclosing information with a side-channel in Django |
Dennis Brinkrolf |
Jul 26, 2022 |
3247 |
- |
| Doing More with Less in Uncertain Times |
Bruce Herbert |
Nov 18, 2022 |
571 |
- |
| dotCMS 5.1.5: Exploiting H2 SQL injection to RCE |
Sonar |
Jun 25, 2019 |
908 |
- |
| Drive By RCE Exploit in Pimcore 6.2.0 |
Robin Peraglie |
Oct 21, 2019 |
759 |
- |
| elFinder - A Case Study of Web File Manager Vulnerabilities |
Thomas Chauchefoin |
Aug 17, 2021 |
2949 |
- |
| Etherpad 1.8.13 - Code Execution Vulnerabilities |
Paul Gerste |
Jul 13, 2021 |
1348 |
- |
| Why did my coverage just drop?! |
G. Ann Campbell |
Jan 23, 2018 |
588 |
- |
| Exploiting Hibernate Injections |
Robin Peraglie |
Feb 25, 2020 |
1300 |
- |
| False positives are our enemies, but may still be your friends |
Loïc Joly |
Sep 15, 2020 |
2204 |
- |
| Five SonarCloud features for developers that want Clean Code |
Thomas Olivier |
Oct 06, 2022 |
1317 |
- |
| Fully Automated Promotion Pipelines with SonarQube and Artifactory |
Fabrice Bellingard |
Sep 25, 2018 |
959 |
- |
| Ghost CMS 4.3.2 - Cross-Origin Admin Takeover |
Paul Gerste |
Aug 31, 2021 |
1307 |
- |
| Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD |
Simon Scannell |
Oct 27, 2021 |
9 |
- |
| Agent 008: Chaining Vulnerabilities to Compromise GoCD |
Simon Scannell and Thomas Chauchefoin |
Nov 11, 2021 |
2446 |
- |
| Grav CMS 1.7.10 - Code Execution Vulnerabilities |
Thomas Chauchefoin |
Jun 01, 2021 |
1415 |
- |
| Hack the Stack with LocalStack: Code Vulnerabilities Explained |
Dennis Brinkrolf |
Mar 02, 2021 |
1533 |
- |
| Horde Webmail 5.2.22 - Account Takeover via Email |
Simon Scannell |
Feb 22, 2022 |
1508 |
- |
| Horde Webmail - Remote Code Execution via Email |
Simon Scannell |
May 31, 2022 |
1278 |
- |
| How Clean Code Practices Help You Retain Your Development Talent |
Liz Ryan |
Jul 28, 2021 |
734 |
- |
| How to enable your development team to deliver Clean Code? |
Thomas Olivier |
Dec 08, 2022 |
1595 |
- |
| Clean Your Infrastructure Code with Sonar |
Clint Cameron |
Mar 22, 2022 |
670 |
- |
| Import issues of your favorite linters in SonarCloud! |
Fabrice Bellingard |
Jun 04, 2018 |
677 |
- |
| Interview with a SonarSource Developer |
Andrew Osborne |
Sep 15, 2022 |
1134 |
- |
| My Journey Interviewing with SonarSource... |
Clint Cameron |
Aug 21, 2018 |
564 |
- |
| Joomla! 3.8.3: Privilege Escalation via SQL Injection |
Karim El Ouerghemmi |
Feb 06, 2018 |
685 |
- |
| Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection |
Robin Peraglie |
Sep 20, 2017 |
884 |
- |
| Lesser spotted React mistakes: Hooked on a feeling |
Gabriel Vivas |
Oct 20, 2022 |
1043 |
- |
| Lesser spotted React mistakes: What are we even rendering? |
Gabriel Vivas |
Jan 05, 2023 |
1547 |
- |
| Lesser spotted React mistakes: Zombie methods |
Gabriel Vivas |
Nov 28, 2022 |
1216 |
- |
| Level up your team's skills as they code |
Liz Ryan |
Jan 10, 2023 |
621 |
- |
| Magento 2.3.1: Unauthenticated Stored XSS to RCE |
Simon Scannell |
Jul 02, 2019 |
1725 |
- |
| Meet the new project experience for SonarCloud |
Thomas Olivier |
Oct 21, 2021 |
631 |
- |
| Modernizing your code with C++20 |
Phil Nash |
Dec 07, 2021 |
2111 |
- |
| Mono-repository support for Bitbucket Cloud now available for SonarCloud! |
Thomas Olivier |
Mar 29, 2021 |
451 |
- |
| Mono-repository support for GitHub and Azure DevOps Services available now! |
Thomas Olivier |
Sep 29, 2020 |
694 |
- |
| Evil Teacher: Code Injection in Moodle |
Robin Peraglie |
Jun 12, 2018 |
1699 |
- |
| MyBB Remote Code Execution Chain |
Sonar |
Mar 18, 2021 |
2019 |
- |
| MyBB <= 1.8.20: From Stored XSS to RCE |
Simon Scannell |
Jun 11, 2019 |
1154 |
- |
| What is Phar Deserialization |
Johannes Dahse |
Aug 14, 2018 |
610 |
- |
| NodeBB 1.18.4 - Remote Code Execution With One Shot |
Paul Gerste |
Nov 30, 2021 |
1989 |
- |
| NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Grounds A Rocket |
Paul Gerste |
May 18, 2021 |
2260 |
- |
| Securing Developer Tools: OneDev Remote Code Execution |
Paul Gerste |
Sep 20, 2022 |
2364 |
- |
| Code vulnerabilities put health records at risk |
Dennis Brinkrolf |
Oct 28, 2020 |
2053 |
- |
| OpenEMR - Remote Code Execution in your Healthcare System |
Dennis Brinkrolf |
Jan 25, 2023 |
1695 |
- |
| osClass 3.6.1: Remote Code Execution via Image File |
Robin Peraglie |
Dec 19, 2016 |
1060 |
- |
| Our journey toward accessibility |
Sonar |
Sep 26, 2022 |
1000 |
- |
| Pandora FMS 742: Critical Code Vulnerabilities Explained |
Dennis Brinkrolf |
Sep 22, 2020 |
1582 |
- |
| Path Traversal Vulnerabilities in Icinga Web |
Thomas Chauchefoin |
May 10, 2022 |
1952 |
- |
| PHP Object Injection |
Simon Scannell |
Oct 09, 2018 |
985 |
- |
| PHP Supply Chain Attack on Composer |
Thomas Chauchefoin |
Apr 29, 2021 |
2016 |
- |
| PHP Supply Chain Attack on PEAR |
Thomas Chauchefoin |
Mar 29, 2022 |
2057 |
- |
| phpBB 3.2.3: Phar Deserialization to RCE |
Simon Scannell |
Nov 20, 2018 |
1123 |
- |
| The Power of Clean Code |
Olivier Gaudin |
Sep 09, 2022 |
556 |
- |
| Product portals open: we want your input |
G. Ann Campbell |
Sep 14, 2021 |
201 |
- |
| About the recent code leaks from SonarQube instances |
Olivier Gaudin |
Jul 31, 2020 |
451 |
- |
| RainLoop Webmail - Emails at Risk due to Code Flaw |
Simon Scannell |
Apr 19, 2022 |
1534 |
- |
| Regular expressions present challenges even for not-so-regular developers |
Sebastian Hungerecker |
Feb 09, 2021 |
1157 |
- |
| Remote Code Execution in Melis Platform |
Karim El Ouerghemmi, Thomas Chauchefoin |
Oct 18, 2022 |
1987 |
- |
| Review your security vulnerabilities in GitHub with code scanning alerts |
Thomas Olivier |
Feb 24, 2022 |
507 |
- |
| Roundcube 1.2.2: Command Execution via Email |
Robin Peraglie |
Dec 06, 2016 |
1087 |
- |
| How to disable XXE processing? |
Eric Therond |
Jan 25, 2022 |
1003 |
- |
| Securing Developer Tools: A New Supply Chain Attack on PHP |
Thomas Chauchefoin |
Oct 04, 2022 |
2623 |
- |
| Securing Developer Tools: Argument Injection in Visual Studio Code |
Thomas Chauchefoin |
Aug 23, 2022 |
1588 |
- |
| Securing Developer Tools: Git Integrations |
Thomas Chauchefoin |
Mar 15, 2022 |
2282 |
- |
| Securing Developer Tools: Package Managers |
Paul Gerste |
Mar 08, 2022 |
2762 |
- |
| Security Implications of URL Parsing Differentials |
Thomas Chauchefoin |
Aug 08, 2022 |
1849 |
- |
| Setting the right (regex) boundaries is important |
Sebastian Hungerecker |
Feb 16, 2021 |
1032 |
- |
| SmartStoreNET - Malicious Message leading to E-Commerce Takeover |
Thomas Chauchefoin |
Nov 02, 2021 |
1625 |
- |
| Sonar @ Pwn2Own Toronto 2022 |
Thomas Chauchefoin |
Dec 12, 2022 |
782 |
- |
| Sonar Streamlines the Race to Release |
Clint Cameron |
Aug 30, 2022 |
1364 |
- |
| SonarAnalyzer for C#: The Rule Engine You Want to Use |
Sonar |
Sep 01, 2016 |
589 |
- |
| SonarCFamily Now Supports ARM Compilers |
Massimo Paladin |
Jun 15, 2017 |
375 |
- |
| Announcing the SonarCloud Pipe for Bitbucket Cloud users! |
Nicolas Bontoux |
Feb 28, 2019 |
608 |
- |
| How SonarCloud finds bugs in high-quality Python projects |
Nicolas Harraudeau |
Nov 03, 2020 |
917 |
- |
| Protect your code against injection vulnerabilities with SonarCloud! |
Alexandre Gigleux |
Jul 10, 2018 |
363 |
- |
| Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe |
Kirti Joshi |
Aug 03, 2021 |
1052 |
- |
| Modernize Code Quality with ‘Quick Fixes’ |
Kirti Joshi |
Sep 23, 2021 |
347 |
- |
| SonarQube 9.8 is here! |
Lauren Cranford |
Dec 21, 2022 |
121 |
- |
| SonarQube 9.7 is here! |
Lauren Cranford |
Oct 19, 2022 |
79 |
- |
| Make Code Quality & Security™ an integral part of your workflow |
Clint Cameron |
Nov 10, 2020 |
1333 |
- |
| Enterprise-ready: Authentication & Authorization with SonarQube (LDAP, SSO & more) |
Nicolas Bontoux |
Jun 28, 2021 |
1270 |
- |
| 7 more reasons to upgrade to SonarQube 8.9 LTS |
Colin Mueller |
Jun 15, 2021 |
1023 |
- |
| SonarQube 8.9 LTS: 3 steps to a smooth upgrade |
Brian Cipollone |
May 05, 2021 |
967 |
- |
| Sonar’s analysis performance targets |
Alexandre Gigleux |
Jun 07, 2022 |
966 |
- |
| SonarSource acquires RIPS Technologies |
Olivier Gaudin |
May 13, 2020 |
896 |
- |
| Backend SQL Injection in BigTree CMS 4.4.6 |
Robin Peraglie |
Nov 05, 2019 |
1055 |
- |
| Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services |
Simon Scannell and Niklas Breitfeld |
Oct 19, 2021 |
1735 |
- |
| Supercharge your C++ analysis with SonarLint for CLion |
Phil Nash and Geoffray Adde |
Sep 28, 2021 |
1528 |
- |
| My Support Engineer Journey at SonarSource |
Joe Tingsanchali |
Mar 23, 2021 |
1334 |
- |
| Supporting analysis of .NET Core projects |
Duncan Pocklington |
Jan 10, 2018 |
835 |
- |
| Develop Your Cloud Native Apps the Sustainable Way |
Clint Cameron |
Dec 15, 2022 |
1196 |
- |
| Take Control of Code Quality with SonarQube Pull Request Decoration in Your Workflow |
Clint Cameron |
Jul 27, 2020 |
1050 |
- |
| The Hidden Flaws of Archives in Java |
Sonar |
May 29, 2019 |
616 |
- |
| The NeverEnding Story of writing a rule for argument passing in C++ |
Loïc Joly |
May 15, 2019 |
3012 |
- |
| The Rules of Three, Five and Zero |
Phil Nash |
Oct 11, 2022 |
1510 |
- |
| TYPO3 9.5.7: Overriding the Database to Execute Code |
Robin Peraglie |
Jul 16, 2019 |
737 |
- |
| Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them |
Eric Therond |
Jan 18, 2022 |
14 |
- |
| Use 3rd-party plugins at your own risk |
G. Ann Campbell |
Aug 10, 2021 |
1145 |
- |
| Vulnerability Research Highlights 2021 |
Johannes Dahse |
Jan 05, 2022 |
1179 |
- |
| Vulnerability Research Highlights 2022 |
Johannes Dahse |
Jan 11, 2023 |
1709 |
- |
| We Are Adjusting Rules Severities |
G. Ann Campbell |
Sep 08, 2016 |
399 |
- |
| What is 'taint analysis' and why do I care? |
G. Ann Campbell |
Feb 10, 2020 |
679 |
- |
| What to expect from JavaScript/TypeScript analysis on OWASP JuiceShop |
Alexandre Gigleux |
May 12, 2021 |
725 |
- |
| Scaling Clean Code Across the Enterprise |
Bruce Herbert |
Dec 06, 2022 |
886 |
- |
| Why mail() is dangerous in PHP |
Robin Peraglie |
May 03, 2017 |
1220 |
- |
| Why You Shouldn't Use Build Breaker |
Olivier Gaudin |
Feb 25, 2016 |
760 |
- |
| Winning the race against TOCTOU vulnerabilities in C & C++ |
G. Ann Campbell |
Oct 07, 2020 |
502 |
- |
| WooCommerce 3.6.4 - CSRF Bypass to Stored XSS |
Dennis Brinkrolf |
Oct 08, 2019 |
839 |
- |
| WordPress Core - Unauthenticated Blind SSRF |
Simon Scannell and Thomas Chauchefoin |
Sep 06, 2022 |
1630 |
1 |
| WordPress 5.1 CSRF to Remote Code Execution |
Simon Scannell |
Mar 13, 2019 |
1443 |
- |
| WordPress File Delete to Code Execution |
Karim El Ouerghemmi |
Jun 26, 2018 |
1339 |
- |
| WordPress <= 5.2.3: Hardening Bypass |
Simon Scannell |
Jan 21, 2020 |
710 |
- |
| WordPress 5.0.0 Remote Code Execution |
Simon Scannell |
Feb 19, 2019 |
2106 |
- |
| WordPress < 5.8.3 - Object Injection Vulnerability |
Simon Scannell |
Feb 08, 2022 |
1979 |
- |
| WordPress Privilege Escalation through Post Types |
Simon Scannell |
Dec 17, 2018 |
1893 |
- |
| WordPress 5.8.2 Stored XSS Vulnerability |
Karim El Ouerghemmi |
Jan 11, 2022 |
1762 |
- |
| WordPress 5.7 XXE Vulnerability |
Karim El Ouerghemmi |
Apr 27, 2021 |
1788 |
- |
| You’re 3 minutes away from clean Java pull requests! |
Thomas Olivier |
Sep 01, 2022 |
670 |
- |
| Zabbix - A Case Study of Unsafe Session Storage |
Thomas Chauchefoin |
Feb 16, 2022 |
2351 |
- |
| Zimbra Email - Stealing Clear-Text Credentials via Memcache injection |
Simon Scannell |
Jun 14, 2022 |
2727 |
- |
| Unrar Path Traversal Vulnerability affects Zimbra Mail |
Simon Scannell |
Jun 28, 2022 |
2122 |
- |
| Zimbra 8.8.15 - Webmail Compromise via Email |
Simon Scannell |
Jul 27, 2021 |
1525 |
- |
| 5 things to consider in performance comparisons |
G. Ann Campbell |
Mar 01, 2022 |
929 |
- |
| 10 Unknown Security Pitfalls for Python |
Dennis Brinkrolf |
Nov 16, 2021 |
2561 |
- |
| Increase developer velocity today with Clean as You Code |
Liz Ryan |
Feb 16, 2023 |
845 |
- |
| We are Sonar! |
Marisa Davis |
Feb 14, 2023 |
736 |
- |
| Common TypeScript Issues Nº 4: Don't create and drop objects immediately |
Phil Nash |
Feb 07, 2023 |
674 |
- |
| Common TypeScript Issues Nº 3: unused local variables and functions |
Phil Nash |
Feb 20, 2023 |
896 |
- |
| Clean Code: The Best Approach to Writing Secure Cloud Native Apps |
Clint Cameron |
Feb 21, 2023 |
310 |
- |
| Empowering weak primitives: file truncation to code execution with Git |
Thomas Chauchefoin |
Feb 27, 2023 |
1042 |
- |
| Common TypeScript Issues Nº 2: non-empty statements |
Phil Nash |
Mar 01, 2023 |
926 |
- |
| SonarQube LTS Upgrade Checklist |
Brian Cipollone |
Mar 06, 2023 |
912 |
- |
| Celebrating International Women's Day with the women of Sonar |
Liz Ryan |
Mar 08, 2023 |
2577 |
- |
| Common TypeScript Issues Nº 1: assignments within sub-expressions |
Phil Nash |
Mar 08, 2023 |
895 |
- |
| 9 more reasons to upgrade to SonarQube 9.9 LTS |
Colin Mueller |
Mar 13, 2023 |
1021 |
- |
| Cloud native features in SonarQube 9.9 LTS |
Clint Cameron |
Mar 16, 2023 |
488 |
- |
| The top 5 common TypeScript issues found by SonarLint |
Phil Nash |
Mar 20, 2023 |
615 |
- |
| Your Guide to Clean Code in Cloud Native Apps |
Clint Cameron |
Mar 23, 2023 |
306 |
- |
| Sonar is the Clean Code solution for your DevOps workflow |
Liz Ryan |
Mar 28, 2023 |
1055 |
- |
| It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS |
Stefan Schiller |
Mar 29, 2023 |
1704 |
- |
| Announcing SonarQube 10.0 |
Kirti Joshi |
Apr 04, 2023 |
257 |
- |
| How bad code destroys developer velocity |
Liz Ryan |
Apr 05, 2023 |
176 |
- |
| Another 9 reasons to upgrade to SonarQube 9.9 LTS |
Colin Mueller |
Apr 05, 2023 |
1074 |
- |
| Pretalx Vulnerabilities: How to get accepted at every conference |
Stefan Schiller |
Apr 12, 2023 |
1786 |
- |
| Sonar ❤️ Compiler Explorer: Write clean C++ code inside your browser |
Fred Tingaud |
Apr 16, 2023 |
1312 |
- |
| Interview with Sonar Python Developers Part 1 |
Andrew Osborne |
Apr 17, 2023 |
1439 |
- |
| Odoo: Get your Content Type right, or else! |
Dennis Brinkrolf, Thomas Chauchefoin |
Apr 24, 2023 |
1849 |
- |
| Interview with Sonar Python Developers Part 2 |
Andrew Osborne |
Apr 25, 2023 |
1044 |
- |
| Reflections from DevNexus, the largest Java conference in the U.S.A. |
Jonathan Vila Lopez |
Apr 30, 2023 |
670 |
- |
| Weird Python: 5 Unexpected Behaviors in the Python Interpreter |
Quazi Nafiul Islam |
May 01, 2023 |
988 |
- |
| Why SonarQube 9.9 LTS is a must-have for Python developers |
Colin Mueller |
May 04, 2023 |
1546 |
- |
| CNCF Silver membership |
Jonathan Vila |
May 04, 2023 |
183 |
- |
| ES2023 introduces new array copying methods to JavaScript |
Phil Nash |
May 10, 2023 |
1332 |
1 |
| Is Clean Code the solution to Jupyter notebook code quality? |
Andrew Osborne |
May 10, 2023 |
1481 |
- |
| SonarCloud or SonarQube? - Guidance on Choosing One for Your Team |
Clint Cameron |
May 15, 2023 |
1233 |
- |
| Pimcore: One click, two security vulnerabilities |
Yaniv Nizry |
May 15, 2023 |
1577 |
- |
| SonarLint supports Go analysis! |
Andrew Osborne |
May 17, 2023 |
570 |
- |
| Sonar and HashiCorp Partner to Deliver Clean Terraform Code & Good Vibes |
Clint Cameron |
May 23, 2023 |
580 |
- |
| Reflections from OffensiveCon 2023 |
Thomas Chauchefoin |
May 24, 2023 |
1012 |
- |
| Hands on with the Node.js test runner |
Phil Nash |
May 30, 2023 |
2099 |
1 |
| Why SonarQube 9.9 LTS is a must-have for Java developers |
Colin Mueller |
Jun 01, 2023 |
2003 |
- |
| What Mr. Miyagi can teach you about writing Clean Code |
Liz Ryan |
Jun 06, 2023 |
862 |
- |
| Sonar at JSNation 2023 in Amsterdam |
Gabriel Vivas |
Jun 08, 2023 |
676 |
- |
| Smarter Together: Fostering a culture of collaboration and growth at Sonar |
Marisa Davis |
Jun 14, 2023 |
851 |
- |
| SonarQube 10.1 release announcement |
Kirti Joshi |
Jun 21, 2023 |
208 |
- |
| Why SonarQube 9.9 LTS is a must-have for JavaScript and TypeScript Developers |
Colin Mueller |
Jun 22, 2023 |
1357 |
- |
| Why ORMs and Prepared Statements Can't (Always) Win |
Thomas Chauchefoin |
Jun 26, 2023 |
2037 |
- |
| TyphoonCon 2023 Wrap Up |
Thomas Chauchefoin |
Jun 29, 2023 |
586 |
- |
| TROOPERS 2023 Conference Takeaways |
Stefan Schiller |
Jul 05, 2023 |
886 |
- |
| Why SonarQube 9.9 LTS is a must-have for PHP Developers |
Colin Mueller |
Jul 13, 2023 |
978 |
- |
| How Sonar Developer Advocates got started in their careers |
Liz Ryan |
Jul 18, 2023 |
1837 |
- |
| New Research from Sonar on Cost of Technical Debt |
Manish Gupta |
Jul 19, 2023 |
592 |
- |
| A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State |
Stefan Schiller |
Jul 19, 2023 |
1697 |
- |
| Working with Multiple Code Variants in C++ |
Phil Nash |
Aug 03, 2023 |
1194 |
- |
| WeAreDevelopers 2023 - what did you miss? |
Andrew Osborne |
Aug 10, 2023 |
620 |
- |
| No, C++ static analysis does not have to be painful |
Geoffray Adde |
Aug 13, 2023 |
1452 |
- |
| Patches, Collisions, and Root Shells: A Pwn2Own Adventure |
Paul Gerste, Thomas Chauchefoin, Stefan Schiller |
Aug 14, 2023 |
1793 |
- |
| What is deeper SAST in JavaScript? |
Phil Nash |
Aug 17, 2023 |
1059 |
- |
| BlackHat 2023: Hackers, Casinos, and an Exciting Announcement |
Kirti Joshi | Thomas Chauchefoin |
Aug 18, 2023 |
834 |
- |
| Playing Dominos with Moodle's Security (1/2) |
Yaniv Nizry |
Aug 21, 2023 |
1114 |
- |
| Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress |
Alexandre Gigleux |
Aug 20, 2023 |
793 |
- |
| Playing Dominos with Moodle's Security (2/2) |
Yaniv Nizry |
Aug 28, 2023 |
1522 |
- |
| Code Vulnerabilities Put Proton Mails at Risk |
Paul Gerste |
Sep 04, 2023 |
3509 |
4 |
| Introducing SonarQube 10.2: Setting New Standards in Code Quality and Security |
Bianka Banova |
Sep 06, 2023 |
1210 |
- |
| Get the benefits of TypeScript in your JavaScript |
Phil Nash |
Sep 07, 2023 |
1552 |
- |
| Security Guy TV Interview - Going Deeper with SAST and Clean Code |
Katie Hyman |
Sep 08, 2023 |
2129 |
- |
| Code Vulnerabilities Put Skiff Emails at Risk |
Paul Gerste |
Sep 12, 2023 |
1934 |
- |
| Typing your JavaScript without writing TypeScript |
Phil Nash |
Sep 13, 2023 |
617 |
- |
| Enhancing Software Development Practices through SonarQube: A Path to Continuous Learning |
Hannah Zimmerman |
Sep 14, 2023 |
566 |
- |
| The new JDK LTS is out! Long live JDK 21! |
Jonathan Vila |
Sep 19, 2023 |
953 |
- |
| Remote Code Execution in Tutanota Desktop due to Code Flaw |
Paul Gerste |
Sep 20, 2023 |
2741 |
2 |
| 5 Clean Code Tips for Reducing Cognitive Complexity |
John Clifton |
Sep 22, 2023 |
532 |
- |
| Open Source Summit 2023 |
Jonathan Vila |
Sep 26, 2023 |
473 |
- |
| Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity |
Stefan Schiller |
Sep 26, 2023 |
1536 |
1 |
| Sonar's Scoring on the Top 3 Java SAST Benchmarks |
Alexandre Gigleux |
Sep 26, 2023 |
824 |
- |
| Unzipping Dangers: OpenRefine Zip Slip Vulnerability |
Stefan Schiller |
Sep 27, 2023 |
1276 |
- |
| A comprehensive guide to the dangers of Regular Expressions in JavaScript |
Phil Nash |
Sep 28, 2023 |
2901 |
3 |
| Why I’m passionate about Static Analysis and how I helped make it better |
Abbas Sabra |
Oct 02, 2023 |
2212 |
- |
| ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code |
Katie Hyman |
Oct 05, 2023 |
1975 |
- |
| Interview with Sonar Java Enthusiasts |
Tony Graham |
Oct 09, 2023 |
1948 |
- |
| Java SAST Benchmarks: why you shouldn't trust them blindly |
Pierre-Loup Tristant |
Oct 11, 2023 |
1111 |
- |
| Security Vulnerabilities in CasaOS |
Thomas Chauchefoin |
Oct 17, 2023 |
2087 |
- |
| What is Clean Code? |
Gabriel Vivas |
Oct 18, 2023 |
1552 |
- |
| Highlights from Hexacon 2023 |
Stefan Schiller |
Oct 18, 2023 |
817 |
- |
| Shifting Right for Secure Platforms and DevOps |
Ben Dechrai |
Oct 25, 2023 |
1430 |
- |
| 9 Steps to get the most out of your SonarCloud Trial |
Zoe Bell |
Nov 07, 2023 |
1684 |
- |
| Linux Foundation Chat: Open Source & Clean Code |
Katie Hyman |
Nov 07, 2023 |
300 |
- |
| Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3) |
Thomas Chauchefoin, Paul Gerste |
Nov 07, 2023 |
3389 |
- |
| Sonar's Scoring on the Top 3 C# SAST Benchmarks |
Alexandre Gigleux |
Nov 07, 2023 |
704 |
- |
| Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3) |
Paul Gerste |
Nov 14, 2023 |
2378 |
- |
| SonarQube 10.3 Release Announcement |
Robert Curlee |
Nov 15, 2023 |
503 |
- |
| Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3) |
Thomas Chauchefoin, Paul Gerste |
Nov 20, 2023 |
1748 |
- |
| Top issues in Java projects |
Jonathan Vila |
Sep 26, 2023 |
971 |
- |
| Sonar is “On the Radar”: New Omdia Report |
Katie Hyman |
Nov 29, 2023 |
453 |
- |
| Sonar keeps your secrets from leaking … unlike that "trusted" friend from grade school |
Alexandre Gigleux |
Nov 07, 2023 |
653 |
- |
| Unraveling the Costs of Bad Code in Software Development |
Liz Ryan |
Dec 05, 2023 |
611 |
- |
| Stop nesting ternaries in JavaScript |
Phil Nash |
Dec 07, 2023 |
1299 |
2 |
| Spring framework pitfalls |
Jonathan Vila |
Dec 11, 2023 |
1252 |
- |
| pfSense Security: Sensing Code Vulnerabilities with SonarCloud |
Oskar Zeino-Mahmalat |
Dec 11, 2023 |
2177 |
3 |
| Sonar @ Black Hat Europe! |
Thomas Chauchefoin |
Dec 13, 2023 |
699 |
- |
| 2024 Security Predictions from the Sonar Research Team |
Johannes Dahse |
Dec 14, 2023 |
621 |
- |
| 2024 DevOps Predictions from the Sonar Developer Advocate Team |
Peter McKee |
Dec 21, 2023 |
910 |
- |
| AI-Generated Code Demands ‘Trust, But Verify’ Approach to Software Development |
Tariq Shaukat |
Apr 11, 2024 |
1389 |
- |
| C# Logging Best Practices with .NET |
Denis Troller |
Apr 10, 2024 |
2561 |
- |
| Apache Dubbo Consumer Risks: The Road Not Taken |
Yaniv Nizry |
Apr 01, 2024 |
1633 |
- |
| Ensuring the right usage of Java 21 new features |
Jonathan Vila |
Apr 01, 2024 |
1510 |
- |
| Technical debt’s impact on development speed and code quality |
Bianka Banova |
Mar 27, 2024 |
831 |
- |
| DORA Compliance for Financial Entities: leveraging Sonar solutions to ensure code security by design |
Adam Surdy |
Mar 22, 2024 |
933 |
- |
| Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices |
Paul Gerste |
Mar 21, 2024 |
2210 |
- |
| __dirname is back in Node.js with ES modules |
Phil Nash |
Mar 21, 2024 |
911 |
3 |
| #CleanCodeTips: Unlock Your Coding Potential |
Peter McKee |
Mar 12, 2024 |
830 |
- |
| Reply to calc: The Attack Chain to Compromise Mailspring |
Yaniv Nizry |
Mar 11, 2024 |
1684 |
- |
| Are You Ready For PCI DSS 4.0? |
Robert Curlee |
Mar 11, 2024 |
949 |
- |
| Increase readability with Java's Pattern Matching |
Jonathan Vila |
Mar 04, 2024 |
638 |
1 |
| OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways |
Stefan Schiller |
Feb 29, 2024 |
1945 |
- |
| White House emphasizes need for proactive coding practices to counter cyber attacks |
Harry Wang |
Feb 29, 2024 |
782 |
- |
| Sonar Reaffirms Strength of its Information Security Management Systems by Earning The Latest ISO Certification, ISO27001:2022 |
Andrea Malagodi |
Feb 27, 2024 |
349 |
- |
| How timely delivery comes from transparent outsourced software development communication |
Liz Ryan |
Feb 27, 2024 |
1000 |
- |
| Builders, Withers, and Records - Java’s path to immutability |
Jonathan Vila |
Feb 21, 2024 |
927 |
- |
| Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities |
Stefan Schiller |
Feb 20, 2024 |
1259 |
- |
| Union, intersection, difference, and more are coming to JavaScript Sets |
Phil Nash |
Feb 15, 2024 |
1280 |
115 |
| Write cleaner React code with SonarQube 10.4 |
Phil Nash |
Feb 13, 2024 |
1163 |
- |
| Introducing the new Sonar Web API V2 |
Aurélien Poscia |
Feb 08, 2024 |
935 |
- |
| Building the foundation for a strong AI future |
Harry Wang |
Feb 08, 2024 |
466 |
- |
| 5 Risks of Outsourcing Software Development and How to Avoid Them |
Liz Ryan |
Feb 07, 2024 |
1281 |
- |
| SonarQube 10.4 Release Announcement |
Robert Curlee |
Feb 06, 2024 |
665 |
- |
| Pitfalls of Desanitization: Leaking Customer Data from osTicket |
Oskar Zeino-Mahmalat |
Feb 06, 2024 |
1991 |
- |
| Juliet C# Benchmark and the SecureString case |
Gaëtan Ferry |
Feb 01, 2024 |
1413 |
- |
| Who are you? The Importance of Verifying Message Origins |
Stefan Schiller |
Jan 28, 2024 |
1203 |
- |
| Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins |
Yaniv Nizry |
Jan 24, 2024 |
1464 |
1 |
| Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows |
Denis Troller |
Jan 23, 2024 |
963 |
- |
| Lessons learned upgrading to React 18 in SonarQube |
Phil Nash |
Jan 17, 2024 |
1212 |
- |
| Vulnerability Research Highlights 2023 |
Stefan Schiller |
Jan 03, 2024 |
1572 |
- |
| Sonar's Scoring on the Top 3 Python SAST Benchmarks |
Alexandre Gigleux |
Dec 28, 2023 |
442 |
- |
| Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024 |
Fabrice Bellingard |
Jun 20, 2024 |
542 |
- |
| Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages |
Paul Gerste |
Jun 17, 2024 |
1978 |
- |
| Integrating SonarCloud with Amazon CodeCatalyst for Code Analysis |
Manish Kapur |
Jun 10, 2024 |
668 |
- |
| An Open Letter to Sonar[Qube] Users |
Lynne Doherty |
Jun 06, 2024 |
558 |
- |
| mXSS: The Vulnerability Hiding in Your Code |
Yaniv Nizry |
May 27, 2024 |
2965 |
1 |
| Sonar Named Leader in G2 Spring Report |
Zoe Bell |
May 20, 2024 |
331 |
- |
| Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar |
Johannes Dahse |
May 15, 2024 |
1054 |
- |
| Parallel Code Security: The Challenge of Concurrency |
Stefan Schiller |
May 14, 2024 |
2946 |
- |
| Code Interoperability: The Hazards of Technological Variety |
Stefan Schiller |
May 07, 2024 |
3428 |
- |
| Leveraging SonarQube, SonarCloud, and SonarLint for Effective Shift Left Practices |
Manish Kapur |
May 01, 2024 |
1240 |
- |
| Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis |
Tony Graham |
Apr 30, 2024 |
876 |
- |
| Legacy Codebases are a DevOps Issue |
Ben Dechrai |
Apr 18, 2024 |
1346 |
- |
| SonarQube 10.5 Release Announcement |
Robert Curlee |
Apr 16, 2024 |
415 |
- |
| Dangerous Import: SourceForge Patches Critical Code Vulnerability |
Stefan Schiller |
Apr 16, 2024 |
1192 |
- |
| Sonar Named a Leader in G2 Grid Report for Sixteenth Consecutive Quarter |
Zoe Bell |
Jul 23, 2024 |
420 |
- |
| Uncovering hidden security vulnerabilities with deeper SAST |
Johannes Dahse |
Aug 08, 2023 |
1507 |
- |
| AutoConfig: C++ Code Analysis Redefined |
Abbas Sabra |
Jul 17, 2024 |
1143 |
- |
| SonarQube 10.6 Release Announcement |
Robert Curlee |
Jun 25, 2024 |
601 |
- |
| Pre-Auth Takeover of OXID eShops |
Robin Peraglie |
Jul 28, 2019 |
715 |
- |
| LimeSurvey 2.72.3 - Persistent XSS to Code Execution |
Robin Peraglie |
Apr 09, 2018 |
567 |
- |
| Announcing SonarQube 9.9 LTS! |
Kirti Joshi |
Feb 07, 2023 |
744 |
- |
| What Code Issues Caused the CrowdStrike Outage? |
Sonar |
Jul 25, 2024 |
1229 |
- |
| Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2) |
Thomas Chauchefoin, Paul Gerste |
Jul 09, 2024 |
2344 |
- |
| Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail |
Oskar Zeino-Mahmalat |
Aug 05, 2024 |
580 |
- |
| A Salesmans Code Execution: PrestaShop 1.7.2.4 |
Robin Peraglie |
May 06, 2018 |
676 |
- |
| Using and Understanding SonarQube for Code Coverage |
Manish Kapur |
Jul 08, 2024 |
1093 |
- |
| [ON DEMAND] Watch Sonar Founder Olivier Gaudin Break Down the Need for and Impact of Clean Code at QCon London 2024 |
Arden Gonzales |
Aug 15, 2024 |
743 |
- |
| SugarCRM's Security Diet - Multiple Vulnerabilities |
Robin Peraglie |
Sep 13, 2017 |
863 |
- |
| Encoding Differentials: Why Charset Matters |
Stefan Schiller |
Jul 15, 2024 |
2136 |
3 |
| WordPress Design Flaw Leads to WooCommerce RCE |
Simon Scannell |
Nov 05, 2018 |
918 |
- |
| Now Introducing, SonarCloud Enterprise and SonarCloud Team |
Andrew Osborne |
Jul 31, 2024 |
692 |
- |
| SuiteCRM 7.11.4 - Breaking Into Your Internal Network |
Robin Peraglie |
Aug 19, 2019 |
878 |
- |
| The True Cost of Bad Code in Software Development |
Liz Ryan |
Jun 27, 2024 |
678 |
- |
| Deliver high-quality ASP.NET Core web apps with Sonar. |
Denis Troller |
Jul 24, 2024 |
1121 |
- |
| Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire |
Stefan Schiller |
Aug 13, 2024 |
1357 |
- |
| How security flaws in PHP's core can affect your application |
Johannes Dahse |
Jul 19, 2017 |
846 |
- |
| Shopware 5.3.3: PHP Object Instantiation to Blind XXE |
Karim El Ouerghemmi |
Nov 07, 2017 |
999 |
- |
| How Sonar Helps Meeting NIST SSDF Code Security Requirements |
Robert Curlee |
Aug 07, 2024 |
679 |
- |
| Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2) |
Thomas Chauchefoin, Paul Gerste |
Jul 02, 2024 |
2279 |
2 |
| How to Choose an LLM in Software Development |
Manish Kapur |
Aug 27, 2024 |
1687 |
- |
| Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities |
Yaniv Nizry |
Sep 02, 2024 |
1268 |
- |
| How can Sonar help with ISO 27001 compliance? |
Mark Clements |
Sep 03, 2024 |
684 |
- |
| Top security flaws hiding in your code - and how to fix them |
Jonathan Vila |
Sep 09, 2024 |
1311 |
- |
| Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix |
Manish Kapur |
Oct 03, 2024 |
751 |
- |
| Building Confidence and Trust in AI-Generated Code |
Manish Kapur |
Oct 03, 2024 |
930 |
- |
| SonarQube 10.7 Release Announcement |
Robert Curlee |
Oct 04, 2024 |
759 |
- |
| Announcing Sonar's Support for Dart: Elevate Your Code Quality |
Andrew Osborne |
Oct 07, 2024 |
710 |
- |
| Why Code Security Matters - Even in Hardened Environments |
Stefan Schiller |
Oct 08, 2024 |
2681 |
1 |
| The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator |
Stefan Schiller |
Oct 22, 2024 |
1401 |
- |
| Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail |
Yaniv Nizry |
Nov 05, 2024 |
1835 |
2 |
| Our commitment to you – and an update on severity ratings for software quality |
Tom Howlett |
Nov 13, 2024 |
708 |
- |
| How to Trust AI Contributions to Your Codebase |
Anirban Chatterjee |
Nov 14, 2024 |
1319 |
- |
| A better (free) SonarQube experience |
Fabrice Bellingard |
Nov 19, 2024 |
717 |
- |
| The new SonarQube free tier is here - get started today! |
Andrew Osborne |
Dec 05, 2024 |
850 |
- |
| SonarQube Server 10.8 Release Announcement |
Robert Curlee |
Dec 04, 2024 |
641 |
- |
| Software and AI in 2025 — Sonar Perspectives on What’s to Come in the New Year |
Katie Hyman |
Dec 11, 2024 |
1021 |
- |
| Never Underestimate CSRF: Why Origin Reflection is a Bad Idea |
Paul Gerste |
Dec 10, 2024 |
1782 |
- |