A C&C++ tour of SonarLint for VS Code |
Abbas Sabra and Geoffray Adde |
May. 03, 2022 |
534 |
- |
A Look Back at KubeCon 2022 |
Clint Cameron |
Nov. 10, 2022 |
507 |
- |
Compilation database: An alternative way to configure your C or C++ analysis |
Loïc Joly |
Aug. 24, 2021 |
1915 |
- |
Apache Kylin 3.0.1 Command Injection Vulnerability |
Johannes Dahse |
Jun. 01, 2020 |
983 |
- |
Bad code costs more than just your money |
Liz Ryan |
Oct. 13, 2022 |
182 |
- |
Beyond the Rules of Three, Five and Zero |
Phil Nash |
Oct. 26, 2022 |
1712 |
- |
Bitbucket 6.1.1 Path Traversal to RCE |
Johannes Dahse |
Sep. 03, 2019 |
999 |
- |
Bits from Hexacon 2022 |
Thomas Chauchefoin |
Oct. 25, 2022 |
1047 |
- |
Remote Code Execution via Prototype Pollution in Blitz.js |
Paul Gerste |
Jul. 12, 2022 |
2126 |
- |
Broken pipelines for everyone! |
Christophe Havard |
Jun. 08, 2021 |
581 |
- |
Cachet 2.4: Code Execution via Laravel Configuration Injection |
Thomas Chauchefoin |
Sep. 21, 2021 |
1643 |
- |
Cacti: Unauthenticated Remote Code Execution |
Stefan Schiller |
Jan. 03, 2023 |
1450 |
- |
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) |
Stefan Schiller |
Nov. 01, 2022 |
2513 |
- |
Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3) |
Stefan Schiller |
Nov. 08, 2022 |
2797 |
- |
Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3) |
Stefan Schiller |
Nov. 15, 2022 |
2032 |
- |
CiviCRM 5.22.0 - Code Execution Vulnerability Chain Explained |
Dennis Brinkrolf |
Jun. 21, 2021 |
1745 |
- |
Clean as You Code: How to win at Code Quality without even trying |
G. Ann Campbell |
Jan. 20, 2020 |
993 |
- |
Clean As You Code essentials - What are Quality Profiles and Quality Gates? |
Clint Cameron |
Jul. 21, 2021 |
1946 |
- |
Code Security Advent Calendar 2020 |
Johannes Dahse |
Nov. 26, 2020 |
499 |
- |
Code Security Advent Calendar 2021 |
Thomas Chauchefoin |
Nov. 29, 2021 |
525 |
- |
Code Security Advent Calendar 2022 |
Paul Gerste |
Nov. 29, 2022 |
632 |
- |
Code security: now there's a tool for developers |
G. Ann Campbell |
Dec. 11, 2020 |
393 |
- |
Code Vulnerabilities in NSA Application Revealed |
Dennis Brinkrolf |
Apr. 06, 2021 |
1346 |
- |
Codoforum 4.8.7: Critical Code Vulnerabilities Explained |
Dennis Brinkrolf |
Aug. 25, 2020 |
1959 |
- |
Common TypeScript Issues Nº 5: Optional property declarations |
Phil Nash |
Jan. 30, 2023 |
661 |
- |
CTF Writeup: Complex Drupal POP Chain |
Simon Scannell |
Jan. 29, 2019 |
6 |
- |
Crafting regexes to avoid stack overflows |
Sebastian Hungerecker |
Feb. 23, 2021 |
881 |
- |
CubeCart 6.1.12 - Admin Authentication Bypass |
Robin Peraglie |
Jan. 17, 2018 |
1166 |
- |
What I learned from using SonarQube for the first time |
Sonar |
Dec. 01, 2022 |
1624 |
- |
Disclosing information with a side-channel in Django |
Dennis Brinkrolf |
Jul. 26, 2022 |
3247 |
- |
Doing More with Less in Uncertain Times |
Bruce Herbert |
Nov. 18, 2022 |
571 |
- |
dotCMS 5.1.5: Exploiting H2 SQL injection to RCE |
Sonar |
Jun. 25, 2019 |
908 |
- |
Drive By RCE Exploit in Pimcore 6.2.0 |
Robin Peraglie |
Oct. 21, 2019 |
759 |
- |
elFinder - A Case Study of Web File Manager Vulnerabilities |
Thomas Chauchefoin |
Aug. 17, 2021 |
2949 |
- |
Etherpad 1.8.13 - Code Execution Vulnerabilities |
Paul Gerste |
Jul. 13, 2021 |
1348 |
- |
Why did my coverage just drop?! |
G. Ann Campbell |
Jan. 23, 2018 |
588 |
- |
Exploiting Hibernate Injections |
Robin Peraglie |
Feb. 25, 2020 |
1300 |
- |
False positives are our enemies, but may still be your friends |
Loïc Joly |
Sep. 15, 2020 |
2204 |
- |
Five SonarCloud features for developers that want Clean Code |
Thomas Olivier |
Oct. 06, 2022 |
1317 |
- |
Fully Automated Promotion Pipelines with SonarQube and Artifactory |
Fabrice Bellingard |
Sep. 25, 2018 |
959 |
- |
Ghost CMS 4.3.2 - Cross-Origin Admin Takeover |
Paul Gerste |
Aug. 31, 2021 |
1307 |
- |
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD |
Simon Scannell |
Oct. 27, 2021 |
9 |
- |
Agent 008: Chaining Vulnerabilities to Compromise GoCD |
Simon Scannell and Thomas Chauchefoin |
Nov. 11, 2021 |
2446 |
- |
Grav CMS 1.7.10 - Code Execution Vulnerabilities |
Thomas Chauchefoin |
Jun. 01, 2021 |
1415 |
- |
Hack the Stack with LocalStack: Code Vulnerabilities Explained |
Dennis Brinkrolf |
Mar. 02, 2021 |
1533 |
- |
Horde Webmail 5.2.22 - Account Takeover via Email |
Simon Scannell |
Feb. 22, 2022 |
1508 |
- |
Horde Webmail - Remote Code Execution via Email |
Simon Scannell |
May. 31, 2022 |
1278 |
- |
How Clean Code Practices Help You Retain Your Development Talent |
Liz Ryan |
Jul. 28, 2021 |
734 |
- |
How to enable your development team to deliver Clean Code? |
Thomas Olivier |
Dec. 08, 2022 |
1595 |
- |
Clean Your Infrastructure Code with Sonar |
Clint Cameron |
Mar. 22, 2022 |
670 |
- |
Import issues of your favorite linters in SonarCloud! |
Fabrice Bellingard |
Jun. 04, 2018 |
677 |
- |
Interview with a SonarSource Developer |
Andrew Osborne |
Sep. 15, 2022 |
1134 |
- |
My Journey Interviewing with SonarSource... |
Clint Cameron |
Aug. 21, 2018 |
564 |
- |
Joomla! 3.8.3: Privilege Escalation via SQL Injection |
Karim El Ouerghemmi |
Feb. 06, 2018 |
685 |
- |
Lesser spotted React mistakes: Hooked on a feeling |
Gabriel Vivas |
Oct. 20, 2022 |
1043 |
- |
Lesser spotted React mistakes: What are we even rendering? |
Gabriel Vivas |
Jan. 05, 2023 |
1547 |
- |
Lesser spotted React mistakes: Zombie methods |
Gabriel Vivas |
Nov. 28, 2022 |
1216 |
- |
Level up your team's skills as they code |
Liz Ryan |
Jan. 10, 2023 |
621 |
- |
Magento 2.3.1: Unauthenticated Stored XSS to RCE |
Simon Scannell |
Jul. 02, 2019 |
1725 |
- |
Meet the new project experience for SonarCloud |
Thomas Olivier |
Oct. 21, 2021 |
631 |
- |
Modernizing your code with C++20 |
Phil Nash |
Dec. 07, 2021 |
2111 |
- |
Mono-repository support for Bitbucket Cloud now available for SonarCloud! |
Thomas Olivier |
Mar. 29, 2021 |
451 |
- |
Mono-repository support for GitHub and Azure DevOps Services available now! |
Thomas Olivier |
Sep. 29, 2020 |
694 |
- |
Evil Teacher: Code Injection in Moodle |
Robin Peraglie |
Jun. 12, 2018 |
1699 |
- |
MyBB Remote Code Execution Chain |
Sonar |
Mar. 18, 2021 |
2019 |
- |
MyBB <= 1.8.20: From Stored XSS to RCE |
Simon Scannell |
Jun. 11, 2019 |
1154 |
- |
What is Phar Deserialization |
Johannes Dahse |
Aug. 14, 2018 |
610 |
- |
NodeBB 1.18.4 - Remote Code Execution With One Shot |
Paul Gerste |
Nov. 30, 2021 |
1989 |
- |
NoSQL Injections in Rocket.Chat 3.12.1: How A Small Leak Grounds A Rocket |
Paul Gerste |
May. 18, 2021 |
2260 |
- |
Securing Developer Tools: OneDev Remote Code Execution |
Paul Gerste |
Sep. 20, 2022 |
2364 |
- |
Code vulnerabilities put health records at risk |
Dennis Brinkrolf |
Oct. 28, 2020 |
2053 |
- |
OpenEMR - Remote Code Execution in your Healthcare System |
Dennis Brinkrolf |
Jan. 25, 2023 |
1695 |
- |
Our journey toward accessibility |
Sonar |
Sep. 26, 2022 |
1000 |
- |
Pandora FMS 742: Critical Code Vulnerabilities Explained |
Dennis Brinkrolf |
Sep. 22, 2020 |
1582 |
- |
Path Traversal Vulnerabilities in Icinga Web |
Thomas Chauchefoin |
May. 10, 2022 |
1952 |
- |
PHP Object Injection |
Simon Scannell |
Oct. 09, 2018 |
985 |
- |
PHP Supply Chain Attack on Composer |
Thomas Chauchefoin |
Apr. 29, 2021 |
2016 |
- |
PHP Supply Chain Attack on PEAR |
Thomas Chauchefoin |
Mar. 29, 2022 |
2057 |
- |
phpBB 3.2.3: Phar Deserialization to RCE |
Simon Scannell |
Nov. 20, 2018 |
1123 |
- |
The Power of Clean Code |
Olivier Gaudin |
Sep. 09, 2022 |
556 |
- |
Product portals open: we want your input |
G. Ann Campbell |
Sep. 14, 2021 |
201 |
- |
About the recent code leaks from SonarQube instances |
Olivier Gaudin |
Jul. 31, 2020 |
451 |
- |
RainLoop Webmail - Emails at Risk due to Code Flaw |
Simon Scannell |
Apr. 19, 2022 |
1534 |
- |
Regular expressions present challenges even for not-so-regular developers |
Sebastian Hungerecker |
Feb. 09, 2021 |
1157 |
- |
Remote Code Execution in Melis Platform |
Karim El Ouerghemmi, Thomas Chauchefoin |
Oct. 18, 2022 |
1987 |
- |
Review your security vulnerabilities in GitHub with code scanning alerts |
Thomas Olivier |
Feb. 24, 2022 |
507 |
- |
How to disable XXE processing? |
Eric Therond |
Jan. 25, 2022 |
1003 |
- |
Securing Developer Tools: A New Supply Chain Attack on PHP |
Thomas Chauchefoin |
Oct. 04, 2022 |
2623 |
- |
Securing Developer Tools: Argument Injection in Visual Studio Code |
Thomas Chauchefoin |
Aug. 23, 2022 |
1588 |
- |
Securing Developer Tools: Git Integrations |
Thomas Chauchefoin |
Mar. 15, 2022 |
2282 |
- |
Securing Developer Tools: Package Managers |
Paul Gerste |
Mar. 08, 2022 |
2762 |
- |
Security Implications of URL Parsing Differentials |
Thomas Chauchefoin |
Aug. 08, 2022 |
1849 |
- |
Setting the right (regex) boundaries is important |
Sebastian Hungerecker |
Feb. 16, 2021 |
1032 |
- |
SmartStoreNET - Malicious Message leading to E-Commerce Takeover |
Thomas Chauchefoin |
Nov. 02, 2021 |
1625 |
- |
Sonar @ Pwn2Own Toronto 2022 |
Thomas Chauchefoin |
Dec. 12, 2022 |
782 |
- |
Sonar Streamlines the Race to Release |
Clint Cameron |
Aug. 30, 2022 |
1364 |
- |
Announcing the SonarCloud Pipe for Bitbucket Cloud users! |
Nicolas Bontoux |
Feb. 28, 2019 |
608 |
- |
How SonarCloud finds bugs in high-quality Python projects |
Nicolas Harraudeau |
Nov. 03, 2020 |
917 |
- |
Protect your code against injection vulnerabilities with SonarCloud! |
Alexandre Gigleux |
Jul. 10, 2018 |
363 |
- |
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe |
Kirti Joshi |
Aug. 03, 2021 |
1052 |
- |
Modernize Code Quality with ‘Quick Fixes’ |
Kirti Joshi |
Sep. 23, 2021 |
347 |
- |
SonarQube 9.8 is here! |
Lauren Cranford |
Dec. 21, 2022 |
121 |
- |
SonarQube 9.7 is here! |
Lauren Cranford |
Oct. 19, 2022 |
79 |
- |
Make Code Quality & Security™ an integral part of your workflow |
Clint Cameron |
Nov. 10, 2020 |
1333 |
- |
Enterprise-ready: Authentication & Authorization with SonarQube (LDAP, SSO & more) |
Nicolas Bontoux |
Jun. 28, 2021 |
1270 |
- |
7 more reasons to upgrade to SonarQube 8.9 LTS |
Colin Mueller |
Jun. 15, 2021 |
1023 |
- |
SonarQube 8.9 LTS: 3 steps to a smooth upgrade |
Brian Cipollone |
May. 05, 2021 |
967 |
- |
Sonar’s analysis performance targets |
Alexandre Gigleux |
Jun. 07, 2022 |
966 |
- |
SonarSource acquires RIPS Technologies |
Olivier Gaudin |
May. 13, 2020 |
896 |
- |
Backend SQL Injection in BigTree CMS 4.4.6 |
Robin Peraglie |
Nov. 05, 2019 |
1055 |
- |
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services |
Simon Scannell and Niklas Breitfeld |
Oct. 19, 2021 |
1735 |
- |
Supercharge your C++ analysis with SonarLint for CLion |
Phil Nash and Geoffray Adde |
Sep. 28, 2021 |
1528 |
- |
My Support Engineer Journey at SonarSource |
Joe Tingsanchali |
Mar. 23, 2021 |
1334 |
- |
Supporting analysis of .NET Core projects |
Duncan Pocklington |
Jan. 10, 2018 |
835 |
- |
Develop Your Cloud Native Apps the Sustainable Way |
Clint Cameron |
Dec. 15, 2022 |
1196 |
- |
Take Control of Code Quality with SonarQube Pull Request Decoration in Your Workflow |
Clint Cameron |
Jul. 27, 2020 |
1050 |
- |
The Hidden Flaws of Archives in Java |
Sonar |
May. 29, 2019 |
616 |
- |
The NeverEnding Story of writing a rule for argument passing in C++ |
Loïc Joly |
May. 15, 2019 |
3012 |
- |
The Rules of Three, Five and Zero |
Phil Nash |
Oct. 11, 2022 |
1510 |
- |
TYPO3 9.5.7: Overriding the Database to Execute Code |
Robin Peraglie |
Jul. 16, 2019 |
737 |
- |
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them |
Eric Therond |
Jan. 18, 2022 |
14 |
- |
Use 3rd-party plugins at your own risk |
G. Ann Campbell |
Aug. 10, 2021 |
1145 |
- |
Vulnerability Research Highlights 2021 |
Johannes Dahse |
Jan. 05, 2022 |
1179 |
- |
Vulnerability Research Highlights 2022 |
Johannes Dahse |
Jan. 11, 2023 |
1709 |
- |
What is 'taint analysis' and why do I care? |
G. Ann Campbell |
Feb. 10, 2020 |
679 |
- |
What to expect from JavaScript/TypeScript analysis on OWASP JuiceShop |
Alexandre Gigleux |
May. 12, 2021 |
725 |
- |
Scaling Clean Code Across the Enterprise |
Bruce Herbert |
Dec. 06, 2022 |
886 |
- |
Winning the race against TOCTOU vulnerabilities in C & C++ |
G. Ann Campbell |
Oct. 07, 2020 |
502 |
- |
WooCommerce 3.6.4 - CSRF Bypass to Stored XSS |
Dennis Brinkrolf |
Oct. 08, 2019 |
839 |
- |
WordPress Core - Unauthenticated Blind SSRF |
Simon Scannell and Thomas Chauchefoin |
Sep. 06, 2022 |
1630 |
1 |
WordPress 5.1 CSRF to Remote Code Execution |
Simon Scannell |
Mar. 13, 2019 |
1443 |
- |
WordPress File Delete to Code Execution |
Karim El Ouerghemmi |
Jun. 26, 2018 |
1339 |
- |
WordPress <= 5.2.3: Hardening Bypass |
Simon Scannell |
Jan. 21, 2020 |
710 |
- |
WordPress 5.0.0 Remote Code Execution |
Simon Scannell |
Feb. 19, 2019 |
2106 |
- |
WordPress < 5.8.3 - Object Injection Vulnerability |
Simon Scannell |
Feb. 08, 2022 |
1979 |
- |
WordPress Privilege Escalation through Post Types |
Simon Scannell |
Dec. 17, 2018 |
1893 |
- |
WordPress 5.8.2 Stored XSS Vulnerability |
Karim El Ouerghemmi |
Jan. 11, 2022 |
1762 |
- |
WordPress 5.7 XXE Vulnerability |
Karim El Ouerghemmi |
Apr. 27, 2021 |
1788 |
- |
You’re 3 minutes away from clean Java pull requests! |
Thomas Olivier |
Sep. 01, 2022 |
670 |
- |
Zabbix - A Case Study of Unsafe Session Storage |
Thomas Chauchefoin |
Feb. 16, 2022 |
2351 |
- |
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection |
Simon Scannell |
Jun. 14, 2022 |
2727 |
- |
Unrar Path Traversal Vulnerability affects Zimbra Mail |
Simon Scannell |
Jun. 28, 2022 |
2122 |
- |
Zimbra 8.8.15 - Webmail Compromise via Email |
Simon Scannell |
Jul. 27, 2021 |
1525 |
- |
5 things to consider in performance comparisons |
G. Ann Campbell |
Mar. 01, 2022 |
929 |
- |
10 Unknown Security Pitfalls for Python |
Dennis Brinkrolf |
Nov. 16, 2021 |
2561 |
- |
Increase developer velocity today with Clean as You Code |
Liz Ryan |
Feb. 16, 2023 |
845 |
- |
We are Sonar! |
Marisa Davis |
Feb. 14, 2023 |
736 |
- |
Common TypeScript Issues Nº 4: Don't create and drop objects immediately |
Phil Nash |
Feb. 07, 2023 |
674 |
- |
Common TypeScript Issues Nº 3: unused local variables and functions |
Phil Nash |
Feb. 20, 2023 |
896 |
- |
Clean Code: The Best Approach to Writing Secure Cloud Native Apps |
Clint Cameron |
Feb. 21, 2023 |
310 |
- |
Empowering weak primitives: file truncation to code execution with Git |
Thomas Chauchefoin |
Feb. 27, 2023 |
1042 |
- |
Common TypeScript Issues Nº 2: non-empty statements |
Phil Nash |
Mar. 01, 2023 |
926 |
- |
SonarQube LTS Upgrade Checklist |
Brian Cipollone |
Mar. 06, 2023 |
912 |
- |
Celebrating International Women's Day with the women of Sonar |
Liz Ryan |
Mar. 08, 2023 |
2577 |
- |
Common TypeScript Issues Nº 1: assignments within sub-expressions |
Phil Nash |
Mar. 08, 2023 |
895 |
- |
9 more reasons to upgrade to SonarQube 9.9 LTS |
Colin Mueller |
Mar. 13, 2023 |
1021 |
- |
Cloud native features in SonarQube 9.9 LTS |
Clint Cameron |
Mar. 16, 2023 |
488 |
- |
The top 5 common TypeScript issues found by SonarLint |
Phil Nash |
Mar. 20, 2023 |
615 |
- |
Your Guide to Clean Code in Cloud Native Apps |
Clint Cameron |
Mar. 23, 2023 |
306 |
- |
Sonar is the Clean Code solution for your DevOps workflow |
Liz Ryan |
Mar. 28, 2023 |
1055 |
- |
It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS |
Stefan Schiller |
Mar. 29, 2023 |
1704 |
- |
Announcing SonarQube 10.0 |
Kirti Joshi |
Apr. 04, 2023 |
257 |
- |
How bad code destroys developer velocity |
Liz Ryan |
Apr. 05, 2023 |
176 |
- |
Another 9 reasons to upgrade to SonarQube 9.9 LTS |
Colin Mueller |
Apr. 05, 2023 |
1074 |
- |
Pretalx Vulnerabilities: How to get accepted at every conference |
Stefan Schiller |
Apr. 12, 2023 |
1786 |
- |
Sonar ❤️ Compiler Explorer: Write clean C++ code inside your browser |
Fred Tingaud |
Apr. 16, 2023 |
1312 |
- |
Interview with Sonar Python Developers Part 1 |
Andrew Osborne |
Apr. 17, 2023 |
1439 |
- |
Odoo: Get your Content Type right, or else! |
Dennis Brinkrolf, Thomas Chauchefoin |
Apr. 24, 2023 |
1849 |
- |
Interview with Sonar Python Developers Part 2 |
Andrew Osborne |
Apr. 25, 2023 |
1044 |
- |
Reflections from DevNexus, the largest Java conference in the U.S.A. |
Jonathan Vila Lopez |
Apr. 30, 2023 |
670 |
- |
Weird Python: 5 Unexpected Behaviors in the Python Interpreter |
Quazi Nafiul Islam |
May. 01, 2023 |
988 |
- |
Why SonarQube 9.9 LTS is a must-have for Python developers |
Colin Mueller |
May. 04, 2023 |
1546 |
- |
CNCF Silver membership |
Jonathan Vila |
May. 04, 2023 |
183 |
- |
ES2023 introduces new array copying methods to JavaScript |
Phil Nash |
May. 10, 2023 |
1332 |
1 |
Is Clean Code the solution to Jupyter notebook code quality? |
Andrew Osborne |
May. 10, 2023 |
1481 |
- |
SonarCloud or SonarQube? - Guidance on Choosing One for Your Team |
Clint Cameron |
May. 15, 2023 |
1233 |
- |
Pimcore: One click, two security vulnerabilities |
Yaniv Nizry |
May. 15, 2023 |
1577 |
- |
SonarLint supports Go analysis! |
Andrew Osborne |
May. 17, 2023 |
570 |
- |
Sonar and HashiCorp Partner to Deliver Clean Terraform Code & Good Vibes |
Clint Cameron |
May. 23, 2023 |
580 |
- |
Reflections from OffensiveCon 2023 |
Thomas Chauchefoin |
May. 24, 2023 |
1012 |
- |
Hands on with the Node.js test runner |
Phil Nash |
May. 30, 2023 |
2099 |
1 |
Why SonarQube 9.9 LTS is a must-have for Java developers |
Colin Mueller |
Jun. 01, 2023 |
2003 |
- |
What Mr. Miyagi can teach you about writing Clean Code |
Liz Ryan |
Jun. 06, 2023 |
862 |
- |
Sonar at JSNation 2023 in Amsterdam |
Gabriel Vivas |
Jun. 08, 2023 |
676 |
- |
Smarter Together: Fostering a culture of collaboration and growth at Sonar |
Marisa Davis |
Jun. 14, 2023 |
851 |
- |
SonarQube 10.1 release announcement |
Kirti Joshi |
Jun. 21, 2023 |
208 |
- |
Why SonarQube 9.9 LTS is a must-have for JavaScript and TypeScript Developers |
Colin Mueller |
Jun. 22, 2023 |
1357 |
- |
Why ORMs and Prepared Statements Can't (Always) Win |
Thomas Chauchefoin |
Jun. 26, 2023 |
2037 |
- |
TyphoonCon 2023 Wrap Up |
Thomas Chauchefoin |
Jun. 29, 2023 |
586 |
- |
TROOPERS 2023 Conference Takeaways |
Stefan Schiller |
Jul. 05, 2023 |
886 |
- |
Why SonarQube 9.9 LTS is a must-have for PHP Developers |
Colin Mueller |
Jul. 13, 2023 |
978 |
- |
How Sonar Developer Advocates got started in their careers |
Liz Ryan |
Jul. 18, 2023 |
1837 |
- |
New Research from Sonar on Cost of Technical Debt |
Manish Gupta |
Jul. 19, 2023 |
592 |
- |
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State |
Stefan Schiller |
Jul. 19, 2023 |
1697 |
- |
Working with Multiple Code Variants in C++ |
Phil Nash |
Aug. 03, 2023 |
1194 |
- |
WeAreDevelopers 2023 - what did you miss? |
Andrew Osborne |
Aug. 10, 2023 |
620 |
- |
No, C++ static analysis does not have to be painful |
Geoffray Adde |
Aug. 13, 2023 |
1452 |
- |
Patches, Collisions, and Root Shells: A Pwn2Own Adventure |
Paul Gerste, Thomas Chauchefoin, Stefan Schiller |
Aug. 14, 2023 |
1793 |
- |
What is deeper SAST in JavaScript? |
Phil Nash |
Aug. 17, 2023 |
1059 |
- |
BlackHat 2023: Hackers, Casinos, and an Exciting Announcement |
Kirti Joshi, Thomas Chauchefoin |
Aug. 18, 2023 |
834 |
- |
Playing Dominos with Moodle's Security (1/2) |
Yaniv Nizry |
Aug. 21, 2023 |
1114 |
- |
Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress |
Alexandre Gigleux |
Aug. 20, 2023 |
793 |
- |
Playing Dominos with Moodle's Security (2/2) |
Yaniv Nizry |
Aug. 28, 2023 |
1522 |
- |
Code Vulnerabilities Put Proton Mails at Risk |
Paul Gerste |
Sep. 04, 2023 |
3509 |
4 |
Introducing SonarQube 10.2: Setting New Standards in Code Quality and Security |
Bianka Banova |
Sep. 06, 2023 |
1210 |
- |
Get the benefits of TypeScript in your JavaScript |
Phil Nash |
Sep. 07, 2023 |
1552 |
- |
Security Guy TV Interview - Going Deeper with SAST and Clean Code |
Katie Hyman |
Sep. 08, 2023 |
2129 |
- |
Code Vulnerabilities Put Skiff Emails at Risk |
Paul Gerste |
Sep. 12, 2023 |
1934 |
- |
Typing your JavaScript without writing TypeScript |
Phil Nash |
Sep. 13, 2023 |
617 |
- |
Enhancing Software Development Practices through SonarQube: A Path to Continuous Learning |
Hannah Zimmerman |
Sep. 14, 2023 |
566 |
- |
The new JDK LTS is out! Long live JDK 21! |
Jonathan Vila |
Sep. 19, 2023 |
953 |
- |
Remote Code Execution in Tutanota Desktop due to Code Flaw |
Paul Gerste |
Sep. 20, 2023 |
2741 |
2 |
5 Clean Code Tips for Reducing Cognitive Complexity |
John Clifton |
Sep. 22, 2023 |
532 |
- |
Open Source Summit 2023 |
Jonathan Vila |
Sep. 26, 2023 |
473 |
- |
Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity |
Stefan Schiller |
Sep. 26, 2023 |
1536 |
1 |
Sonar's Scoring on the Top 3 Java SAST Benchmarks |
Alexandre Gigleux |
Sep. 26, 2023 |
824 |
- |
Unzipping Dangers: OpenRefine Zip Slip Vulnerability |
Stefan Schiller |
Sep. 27, 2023 |
1276 |
- |
A comprehensive guide to the dangers of Regular Expressions in JavaScript |
Phil Nash |
Sep. 28, 2023 |
2901 |
3 |
Why I’m passionate about Static Analysis and how I helped make it better |
Abbas Sabra |
Oct. 02, 2023 |
2212 |
- |
ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code |
Katie Hyman |
Oct. 05, 2023 |
1975 |
- |
Interview with Sonar Java Enthusiasts |
Tony Graham |
Oct. 09, 2023 |
1948 |
- |
Java SAST Benchmarks: why you shouldn't trust them blindly |
Pierre-Loup Tristant |
Oct. 11, 2023 |
1111 |
- |
Security Vulnerabilities in CasaOS |
Thomas Chauchefoin |
Oct. 17, 2023 |
2087 |
- |
What is Clean Code? |
Gabriel Vivas |
Oct. 18, 2023 |
1552 |
- |
Highlights from Hexacon 2023 |
Stefan Schiller |
Oct. 18, 2023 |
817 |
- |
Shifting Right for Secure Platforms and DevOps |
Ben Dechrai |
Oct. 25, 2023 |
1430 |
- |
9 Steps to get the most out of your SonarCloud Trial |
Zoe Bell |
Nov. 07, 2023 |
1684 |
- |
Linux Foundation Chat: Open Source & Clean Code |
Katie Hyman |
Nov. 07, 2023 |
300 |
- |
Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3) |
Thomas Chauchefoin, Paul Gerste |
Nov. 07, 2023 |
3389 |
- |
Sonar's Scoring on the Top 3 C# SAST Benchmarks |
Alexandre Gigleux |
Nov. 07, 2023 |
704 |
- |
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3) |
Paul Gerste |
Nov. 14, 2023 |
2378 |
- |
SonarQube 10.3 Release Announcement |
Robert Curlee |
Nov. 15, 2023 |
503 |
- |
Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3) |
Thomas Chauchefoin, Paul Gerste |
Nov. 20, 2023 |
1748 |
- |
Top issues in Java projects |
Jonathan Vila |
Sep. 26, 2023 |
971 |
- |
Sonar is “On the Radar”: New Omdia Report |
Katie Hyman |
Nov. 29, 2023 |
453 |
- |
Sonar keeps your secrets from leaking … unlike that "trusted" friend from grade school |
Alexandre Gigleux |
Nov. 07, 2023 |
653 |
- |
Unraveling the Costs of Bad Code in Software Development |
Liz Ryan |
Dec. 05, 2023 |
611 |
- |
Stop nesting ternaries in JavaScript |
Phil Nash |
Dec. 07, 2023 |
1299 |
2 |
Spring framework pitfalls |
Jonathan Vila |
Dec. 11, 2023 |
1252 |
- |
pfSense Security: Sensing Code Vulnerabilities with SonarCloud |
Oskar Zeino-Mahmalat |
Dec. 11, 2023 |
2177 |
3 |
Sonar @ Black Hat Europe! |
Thomas Chauchefoin |
Dec. 13, 2023 |
699 |
- |
2024 Security Predictions from the Sonar Research Team |
Johannes Dahse |
Dec. 14, 2023 |
621 |
- |
2024 DevOps Predictions from the Sonar Developer Advocate Team |
Peter McKee |
Dec. 21, 2023 |
910 |
- |
AI-Generated Code Demands ‘Trust, But Verify’ Approach to Software Development |
Tariq Shaukat |
Apr. 11, 2024 |
1389 |
- |
C# Logging Best Practices with .NET |
Denis Troller |
Apr. 10, 2024 |
2561 |
- |
Apache Dubbo Consumer Risks: The Road Not Taken |
Yaniv Nizry |
Apr. 01, 2024 |
1633 |
- |
Ensuring the right usage of Java 21 new features |
Jonathan Vila |
Apr. 01, 2024 |
1510 |
- |
Technical debt’s impact on development speed and code quality |
Bianka Banova |
Mar. 27, 2024 |
831 |
- |
DORA Compliance for Financial Entities: leveraging Sonar solutions to ensure code security by design |
Adam Surdy |
Mar. 22, 2024 |
933 |
- |
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices |
Paul Gerste |
Mar. 21, 2024 |
2210 |
- |
__dirname is back in Node.js with ES modules |
Phil Nash |
Mar. 21, 2024 |
911 |
3 |
#CleanCodeTips: Unlock Your Coding Potential |
Peter McKee |
Mar. 12, 2024 |
830 |
- |
Reply to calc: The Attack Chain to Compromise Mailspring |
Yaniv Nizry |
Mar. 11, 2024 |
1684 |
- |
Are You Ready For PCI DSS 4.0? |
Robert Curlee |
Mar. 11, 2024 |
949 |
- |
Increase readability with Java's Pattern Matching |
Jonathan Vila |
Mar. 04, 2024 |
638 |
1 |
OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways |
Stefan Schiller |
Feb. 29, 2024 |
1945 |
- |
White House emphasizes need for proactive coding practices to counter cyber attacks |
Harry Wang |
Feb. 29, 2024 |
782 |
- |
Sonar Reaffirms Strength of its Information Security Management Systems by Earning The Latest ISO Certification, ISO27001:2022 |
Andrea Malagodi |
Feb. 27, 2024 |
349 |
- |
How timely delivery comes from transparent outsourced software development communication |
Liz Ryan |
Feb. 27, 2024 |
1000 |
- |
Builders, Withers, and Records - Java’s path to immutability |
Jonathan Vila |
Feb. 21, 2024 |
927 |
- |
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities |
Stefan Schiller |
Feb. 20, 2024 |
1259 |
- |
Union, intersection, difference, and more are coming to JavaScript Sets |
Phil Nash |
Feb. 15, 2024 |
1280 |
115 |
Write cleaner React code with SonarQube 10.4 |
Phil Nash |
Feb. 13, 2024 |
1163 |
- |
Introducing the new Sonar Web API V2 |
Aurélien Poscia |
Feb. 08, 2024 |
935 |
- |
Building the foundation for a strong AI future |
Harry Wang |
Feb. 08, 2024 |
466 |
- |
5 Risks of Outsourcing Software Development and How to Avoid Them |
Liz Ryan |
Feb. 07, 2024 |
1281 |
- |
SonarQube 10.4 Release Announcement |
Robert Curlee |
Feb. 06, 2024 |
665 |
- |
Pitfalls of Desanitization: Leaking Customer Data from osTicket |
Oskar Zeino-Mahmalat |
Feb. 06, 2024 |
1991 |
- |
Juliet C# Benchmark and the SecureString case |
Gaëtan Ferry |
Feb. 01, 2024 |
1413 |
- |
Who are you? The Importance of Verifying Message Origins |
Stefan Schiller |
Jan. 28, 2024 |
1203 |
- |
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins |
Yaniv Nizry |
Jan. 24, 2024 |
1464 |
1 |
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor application development grows |
Denis Troller |
Jan. 23, 2024 |
963 |
- |
Lessons learned upgrading to React 18 in SonarQube |
Phil Nash |
Jan. 17, 2024 |
1212 |
- |
Vulnerability Research Highlights 2023 |
Stefan Schiller |
Jan. 03, 2024 |
1572 |
- |
Sonar's Scoring on the Top 3 Python SAST Benchmarks |
Alexandre Gigleux |
Dec. 28, 2023 |
442 |
- |
Green Coding with Clean Code - A Recap of ecoCode Challenge Paris 2024 |
Fabrice Bellingard |
Jun. 20, 2024 |
542 |
- |
Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages |
Paul Gerste |
Jun. 17, 2024 |
1978 |
- |
Integrating SonarCloud with Amazon CodeCatalyst for Code Analysis |
Manish Kapur |
Jun. 10, 2024 |
668 |
- |
An Open Letter to Sonar[Qube] Users |
Lynne Doherty |
Jun. 06, 2024 |
558 |
- |
mXSS: The Vulnerability Hiding in Your Code |
Yaniv Nizry |
May. 27, 2024 |
2965 |
1 |
Sonar Named Leader in G2 Spring Report |
Zoe Bell |
May. 20, 2024 |
331 |
- |
Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar |
Johannes Dahse |
May. 15, 2024 |
1054 |
- |
Parallel Code Security: The Challenge of Concurrency |
Stefan Schiller |
May. 14, 2024 |
2946 |
- |
Code Interoperability: The Hazards of Technological Variety |
Stefan Schiller |
May. 07, 2024 |
3428 |
- |
Leveraging SonarQube, SonarCloud, and SonarLint for Effective Shift Left Practices |
Manish Kapur |
May. 01, 2024 |
1240 |
- |
Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis |
Tony Graham |
Apr. 30, 2024 |
876 |
- |
Legacy Codebases are a DevOps Issue |
Ben Dechrai |
Apr. 18, 2024 |
1346 |
- |
SonarQube 10.5 Release Announcement |
Robert Curlee |
Apr. 16, 2024 |
415 |
- |
Dangerous Import: SourceForge Patches Critical Code Vulnerability |
Stefan Schiller |
Apr. 16, 2024 |
1192 |
- |
Sonar Named a Leader in G2 Grid Report for Sixteenth Consecutive Quarter |
Zoe Bell |
Jul. 23, 2024 |
420 |
- |
Uncovering hidden security vulnerabilities with deeper SAST |
Johannes Dahse |
Aug. 08, 2023 |
1507 |
- |
AutoConfig: C++ Code Analysis Redefined |
Abbas Sabra |
Jul. 17, 2024 |
1143 |
- |
SonarQube 10.6 Release Announcement |
Robert Curlee |
Jun. 25, 2024 |
601 |
- |
Pre-Auth Takeover of OXID eShops |
Robin Peraglie |
Jul. 28, 2019 |
715 |
- |
LimeSurvey 2.72.3 - Persistent XSS to Code Execution |
Robin Peraglie |
Apr. 09, 2018 |
567 |
- |
Announcing SonarQube 9.9 LTS! |
Kirti Joshi |
Feb. 07, 2023 |
744 |
- |
What Code Issues Caused the CrowdStrike Outage? |
Sonar |
Jul. 25, 2024 |
1229 |
- |
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2) |
Thomas Chauchefoin, Paul Gerste |
Jul. 09, 2024 |
2344 |
- |
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail |
Oskar Zeino-Mahmalat |
Aug. 05, 2024 |
580 |
- |
A Salesmans Code Execution: PrestaShop 1.7.2.4 |
Robin Peraglie |
May. 06, 2018 |
676 |
- |
Using and Understanding SonarQube for Code Coverage |
Manish Kapur |
Jul. 08, 2024 |
1093 |
- |
[ON DEMAND] Watch Sonar Founder Olivier Gaudin Break Down the Need for and Impact of Clean Code at QCon London 2024 |
Arden Gonzales |
Aug. 15, 2024 |
743 |
- |
Encoding Differentials: Why Charset Matters |
Stefan Schiller |
Jul. 15, 2024 |
2136 |
3 |
WordPress Design Flaw Leads to WooCommerce RCE |
Simon Scannell |
Nov. 05, 2018 |
918 |
- |
Now Introducing, SonarCloud Enterprise and SonarCloud Team |
Andrew Osborne |
Jul. 31, 2024 |
692 |
- |
SuiteCRM 7.11.4 - Breaking Into Your Internal Network |
Robin Peraglie |
Aug. 19, 2019 |
878 |
- |
The True Cost of Bad Code in Software Development |
Liz Ryan |
Jun. 27, 2024 |
678 |
- |
Deliver high-quality ASP.NET Core web apps with Sonar. |
Denis Troller |
Jul. 24, 2024 |
1121 |
- |
Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire |
Stefan Schiller |
Aug. 13, 2024 |
1357 |
- |
How Sonar Helps Meeting NIST SSDF Code Security Requirements |
Robert Curlee |
Aug. 07, 2024 |
679 |
- |
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2) |
Thomas Chauchefoin, Paul Gerste |
Jul. 02, 2024 |
2279 |
2 |
How to Choose an LLM in Software Development |
Manish Kapur |
Aug. 27, 2024 |
1687 |
- |
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities |
Yaniv Nizry |
Sep. 02, 2024 |
1268 |
- |
How can Sonar help with ISO 27001 compliance? |
Mark Clements |
Sep. 03, 2024 |
684 |
- |
Top security flaws hiding in your code - and how to fix them |
Jonathan Vila |
Sep. 09, 2024 |
1311 |
- |
Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix |
Manish Kapur |
Oct. 03, 2024 |
751 |
- |
Building Confidence and Trust in AI-Generated Code |
Manish Kapur |
Oct. 03, 2024 |
930 |
- |
SonarQube 10.7 Release Announcement |
Robert Curlee |
Oct. 04, 2024 |
759 |
- |
Announcing Sonar's Support for Dart: Elevate Your Code Quality |
Andrew Osborne |
Oct. 07, 2024 |
710 |
- |
Why Code Security Matters - Even in Hardened Environments |
Stefan Schiller |
Oct. 08, 2024 |
2681 |
- |
The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator |
Stefan Schiller |
Oct. 22, 2024 |
1401 |
- |
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail |
Yaniv Nizry |
Nov. 05, 2024 |
1835 |
- |
Our commitment to you – and an update on severity ratings for software quality |
Tom Howlett |
Nov. 13, 2024 |
708 |
- |
How to Trust AI Contributions to Your Codebase |
Anirban Chatterjee |
Nov. 14, 2024 |
1319 |
- |
A better (free) SonarQube experience |
Fabrice Bellingard |
Nov. 19, 2024 |
717 |
- |