Sonar Blog - Plushcap

Blog URL

www.sonarsource.com/blog

Posts YTD

75 ↑ vs 33 last year

Avg Posts/Month

7.0 since 2022

Monthly Post Volume

Start year:

Post Details

Search:

Title	Author	Published	Words	HN Pts
A C&C++ tour of SonarLint for VS Code	Abbas Sabra and Geoffray Adde	2022-05-03	534	--
A Look Back at KubeCon 2022	Clint Cameron	2022-11-10	507	--
Bad code costs more than just your money	Liz Ryan	2022-10-13	182	--
Beyond the Rules of Three, Five and Zero	Phil Nash	2022-10-26	1,712	--
Bits from Hexacon 2022	Thomas Chauchefoin	2022-10-25	1,047	--
Remote Code Execution via Prototype Pollution in Blitz.js	Paul Gerste	2022-07-12	2,126	--
Cacti: Unauthenticated Remote Code Execution	Stefan Schiller	2023-01-03	1,450	--
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)	Stefan Schiller	2022-11-01	2,513	--
Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3)	Stefan Schiller	2022-11-08	2,797	--
Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3)	Stefan Schiller	2022-11-15	2,032	--
Code Security Advent Calendar 2022	Paul Gerste	2022-11-29	632	--
Common TypeScript Issues Nº 5: Optional property declarations	Phil Nash	2023-01-30	661	--
What I learned from using SonarQube for the first time	Sonar	2022-12-01	1,624	--
Disclosing information with a side-channel in Django	Dennis Brinkrolf	2022-07-26	3,247	--
Doing More with Less in Uncertain Times	Bruce Herbert	2022-11-18	571	--
Five SonarCloud features for developers that want Clean Code	Thomas Olivier	2022-10-06	1,317	--
Horde Webmail 5.2.22 - Account Takeover via Email	Simon Scannell	2022-02-22	1,508	--
Horde Webmail - Remote Code Execution via Email	Simon Scannell	2022-05-31	1,278	--
How to enable your development team to deliver Clean Code?	Thomas Olivier	2022-12-08	1,595	--
Clean Your Infrastructure Code with Sonar	Clint Cameron	2022-03-22	670	--
Interview with a SonarSource Developer	Andrew Osborne	2022-09-15	1,134	--
Lesser spotted React mistakes: Hooked on a feeling	Gabriel Vivas	2022-10-20	1,043	--
Lesser spotted React mistakes: What are we even rendering?	Gabriel Vivas	2023-01-05	1,547	--
Lesser spotted React mistakes: Zombie methods	Gabriel Vivas	2022-11-28	1,216	--
Level up your team's skills as they code	Liz Ryan	2023-01-10	621	--
Securing Developer Tools: OneDev Remote Code Execution	Paul Gerste	2022-09-20	2,364	--
OpenEMR - Remote Code Execution in your Healthcare System	Dennis Brinkrolf	2023-01-25	1,695	--
Our journey toward accessibility	Sonar	2022-09-26	1,000	--
Path Traversal Vulnerabilities in Icinga Web	Thomas Chauchefoin	2022-05-10	1,952	--
PHP Supply Chain Attack on PEAR	Thomas Chauchefoin	2022-03-29	2,057	--
The Power of Clean Code	Olivier Gaudin	2022-09-09	556	--
RainLoop Webmail - Emails at Risk due to Code Flaw	Simon Scannell	2022-04-19	1,534	--
Remote Code Execution in Melis Platform	Karim El Ouerghemmi, Thomas Chauchefoin	2022-10-18	1,987	--
Review your security vulnerabilities in GitHub with code scanning alerts	Thomas Olivier	2022-02-24	507	--
How to disable XXE processing?	Eric Therond	2022-01-25	1,003	--
Securing Developer Tools: A New Supply Chain Attack on PHP	Thomas Chauchefoin	2022-10-04	2,623	--
Securing Developer Tools: Argument Injection in Visual Studio Code	Thomas Chauchefoin	2022-08-23	1,588	--
Securing Developer Tools: Git Integrations	Thomas Chauchefoin	2022-03-15	2,282	--
Securing Developer Tools: Package Managers	Paul Gerste	2022-03-08	2,762	--
Security Implications of URL Parsing Differentials	Thomas Chauchefoin	2022-08-08	1,849	--
Sonar @ Pwn2Own Toronto 2022	Thomas Chauchefoin	2022-12-12	782	--
Sonar Streamlines the Race to Release	Clint Cameron	2022-08-30	1,364	--
SonarQube 9.8 is here!	Lauren Cranford	2022-12-21	121	--
SonarQube 9.7 is here!	Lauren Cranford	2022-10-19	79	--
Sonar’s analysis performance targets	Alexandre Gigleux	2022-06-07	966	--
Develop Your Cloud Native Apps the Sustainable Way	Clint Cameron	2022-12-15	1,196	--
The Rules of Three, Five and Zero	Phil Nash	2022-10-11	1,510	--
Don't be afraid of XXE vulnerabilities: understand the beast and how to …	Eric Therond	2022-01-18	14	--
Vulnerability Research Highlights 2021	Johannes Dahse	2022-01-05	1,179	--
Vulnerability Research Highlights 2022	Johannes Dahse	2023-01-11	1,709	--
Scaling Clean Code Across the Enterprise	Bruce Herbert	2022-12-06	886	--
WordPress Core - Unauthenticated Blind SSRF	Simon Scannell and Thomas Chauchefoin	2022-09-06	1,630	1
WordPress < 5.8.3 - Object Injection Vulnerability	Simon Scannell	2022-02-08	1,979	--
WordPress 5.8.2 Stored XSS Vulnerability	Karim El Ouerghemmi	2022-01-11	1,762	--
You’re 3 minutes away from clean Java pull requests!	Thomas Olivier	2022-09-01	670	--
Zabbix - A Case Study of Unsafe Session Storage	Thomas Chauchefoin	2022-02-16	2,351	--
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection	Simon Scannell	2022-06-14	2,727	--
Unrar Path Traversal Vulnerability affects Zimbra Mail	Simon Scannell	2022-06-28	2,122	--
5 things to consider in performance comparisons	G. Ann Campbell	2022-03-01	929	--
Increase developer velocity today with Clean as You Code	Liz Ryan	2023-02-16	845	--
We are Sonar!	Marisa Davis	2023-02-14	736	--
Common TypeScript Issues Nº 4: Don't create and drop objects immediately	Phil Nash	2023-02-07	674	--
Common TypeScript Issues Nº 3: unused local variables and functions	Phil Nash	2023-02-20	896	--
Clean Code: The Best Approach to Writing Secure Cloud Native Apps	Clint Cameron	2023-02-21	310	--
Empowering weak primitives: file truncation to code execution with Git	Thomas Chauchefoin	2023-02-27	1,042	--
Common TypeScript Issues Nº 2: non-empty statements	Phil Nash	2023-03-01	926	--
SonarQube LTS Upgrade Checklist	Brian Cipollone	2023-03-06	912	--
Celebrating International Women's Day with the women of Sonar	Liz Ryan	2023-03-08	2,577	--
Common TypeScript Issues Nº 1: assignments within sub-expressions	Phil Nash	2023-03-08	895	--
9 more reasons to upgrade to SonarQube 9.9 LTS	Colin Mueller	2023-03-13	1,021	--
Cloud native features in SonarQube 9.9 LTS	Clint Cameron	2023-03-16	488	--
The top 5 common TypeScript issues found by SonarLint	Phil Nash	2023-03-20	615	--
Your Guide to Clean Code in Cloud Native Apps	Clint Cameron	2023-03-23	306	--
Sonar is the Clean Code solution for your DevOps workflow	Liz Ryan	2023-03-28	1,055	--
It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS	Stefan Schiller	2023-03-29	1,704	--
Announcing SonarQube 10.0	Kirti Joshi	2023-04-04	257	--
How bad code destroys developer velocity	Liz Ryan	2023-04-05	176	--
Another 9 reasons to upgrade to SonarQube 9.9 LTS	Colin Mueller	2023-04-05	1,074	--
Pretalx Vulnerabilities: How to get accepted at every conference	Stefan Schiller	2023-04-12	1,786	--
Sonar ❤️ Compiler Explorer: Write clean C++ code inside your browser	Fred Tingaud	2023-04-16	1,312	--
Interview with Sonar Python Developers Part 1	Andrew Osborne	2023-04-17	1,439	--
Odoo: Get your Content Type right, or else!	Dennis Brinkrolf, Thomas Chauchefoin	2023-04-24	1,849	--
Interview with Sonar Python Developers Part 2	Andrew Osborne	2023-04-25	1,044	--
Reflections from DevNexus, the largest Java conference in the U.S.A.	Jonathan Vila Lopez	2023-04-30	670	--
Weird Python: 5 Unexpected Behaviors in the Python Interpreter	Quazi Nafiul Islam	2023-05-01	988	--
Why SonarQube 9.9 LTS is a must-have for Python developers	Colin Mueller	2023-05-04	1,546	--
CNCF Silver membership	Jonathan Vila	2023-05-04	183	--
ES2023 introduces new array copying methods to JavaScript	Phil Nash	2023-05-10	1,332	1
Is Clean Code the solution to Jupyter notebook code quality?	Andrew Osborne	2023-05-10	1,481	--
SonarCloud or SonarQube? - Guidance on Choosing One for Your Team	Clint Cameron	2023-05-15	1,233	--
Pimcore: One click, two security vulnerabilities	Yaniv Nizry	2023-05-15	1,577	--
SonarLint supports Go analysis!	Andrew Osborne	2023-05-17	570	--
Sonar and HashiCorp Partner to Deliver Clean Terraform Code & Good Vibes	Clint Cameron	2023-05-23	580	--
Reflections from OffensiveCon 2023	Thomas Chauchefoin	2023-05-24	1,012	--
Hands on with the Node.js test runner	Phil Nash	2023-05-30	2,099	1
Why SonarQube 9.9 LTS is a must-have for Java developers	Colin Mueller	2023-06-01	2,003	--
What Mr. Miyagi can teach you about writing Clean Code	Liz Ryan	2023-06-06	862	--
Sonar at JSNation 2023 in Amsterdam	Gabriel Vivas	2023-06-08	676	--
Smarter Together: Fostering a culture of collaboration and growth at Sonar	Marisa Davis	2023-06-14	851	--
SonarQube 10.1 release announcement	Kirti Joshi	2023-06-21	208	--
Why SonarQube 9.9 LTS is a must-have for JavaScript and TypeScript Developers	Colin Mueller	2023-06-22	1,357	--
Why ORMs and Prepared Statements Can't (Always) Win	Thomas Chauchefoin	2023-06-26	2,037	--
TyphoonCon 2023 Wrap Up	Thomas Chauchefoin	2023-06-29	586	--
TROOPERS 2023 Conference Takeaways	Stefan Schiller	2023-07-05	886	--
Why SonarQube 9.9 LTS is a must-have for PHP Developers	Colin Mueller	2023-07-13	978	--
How Sonar Developer Advocates got started in their careers	Liz Ryan	2023-07-18	1,837	--
New Research from Sonar on Cost of Technical Debt	Manish Gupta	2023-07-19	592	--
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State	Stefan Schiller	2023-07-19	1,697	--
Working with Multiple Code Variants in C++	Phil Nash	2023-08-03	1,194	--
WeAreDevelopers 2023 - what did you miss?	Andrew Osborne	2023-08-10	620	--
No, C++ static analysis does not have to be painful	Geoffray Adde	2023-08-13	1,452	--
Patches, Collisions, and Root Shells: A Pwn2Own Adventure	Paul Gerste, Thomas Chauchefoin, Stefan Schiller	2023-08-14	1,793	--
What is deeper SAST in JavaScript?	Phil Nash	2023-08-17	1,059	--
BlackHat 2023: Hackers, Casinos, and an Exciting Announcement	Kirti Joshi \| Thomas Chauchefoin	2023-08-18	834	--
Playing Dominos with Moodle's Security (1/2)	Yaniv Nizry	2023-08-21	1,114	--
Enhancing SAST Detection: Leveraging Benchmarks for Measuring Progress	Alexandre Gigleux	2023-08-20	793	--
Playing Dominos with Moodle's Security (2/2)	Yaniv Nizry	2023-08-28	1,522	--
Code Vulnerabilities Put Proton Mails at Risk	Paul Gerste	2023-09-04	3,509	4
Introducing SonarQube 10.2: Setting New Standards in Code Quality and Security	Bianka Banova	2023-09-06	1,210	--
Get the benefits of TypeScript in your JavaScript	Phil Nash	2023-09-07	1,552	--
Security Guy TV Interview - Going Deeper with SAST and Clean Code	Katie Hyman	2023-09-08	2,129	--
Code Vulnerabilities Put Skiff Emails at Risk	Paul Gerste	2023-09-12	1,934	--
Typing your JavaScript without writing TypeScript	Phil Nash	2023-09-13	617	--
Enhancing Software Development Practices through SonarQube: A Path to Continuous Learning	Hannah Zimmerman	2023-09-14	566	--
The new JDK LTS is out! Long live JDK 21!	Jonathan Vila	2023-09-19	953	--
Remote Code Execution in Tutanota Desktop due to Code Flaw	Paul Gerste	2023-09-20	2,741	2
5 Clean Code Tips for Reducing Cognitive Complexity	John Clifton	2023-09-22	532	--
Open Source Summit 2023	Jonathan Vila	2023-09-26	473	--
Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity	Stefan Schiller	2023-09-26	1,536	1
Sonar's Scoring on the Top 3 Java SAST Benchmarks	Alexandre Gigleux	2023-09-26	824	--
Unzipping Dangers: OpenRefine Zip Slip Vulnerability	Stefan Schiller	2023-09-27	1,276	--
A comprehensive guide to the dangers of Regular Expressions in JavaScript	Phil Nash	2023-09-28	2,901	3
Why I’m passionate about Static Analysis and how I helped make it …	Abbas Sabra	2023-10-02	2,212	--
ISMG Interview - Securing Applications, Accelerating DevOps with Clean Code	Katie Hyman	2023-10-05	1,975	--
Interview with Sonar Java Enthusiasts	Tony Graham	2023-10-09	1,948	--
Java SAST Benchmarks: why you shouldn't trust them blindly	Pierre-Loup Tristant	2023-10-11	1,111	--
Security Vulnerabilities in CasaOS	Thomas Chauchefoin	2023-10-17	2,087	--
What is Clean Code?	Gabriel Vivas	2023-10-18	1,552	--
Highlights from Hexacon 2023	Stefan Schiller	2023-10-18	817	--
Shifting Right for Secure Platforms and DevOps	Ben Dechrai	2023-10-25	1,430	--
9 Steps to get the most out of your SonarCloud Trial	Zoe Bell	2023-11-07	1,684	--
Linux Foundation Chat: Open Source & Clean Code	Katie Hyman	2023-11-07	300	--
Visual Studio Code Security: Deep Dive into Your Favorite Editor (1/3)	Thomas Chauchefoin, Paul Gerste	2023-11-07	3,389	--
Sonar's Scoring on the Top 3 C# SAST Benchmarks	Alexandre Gigleux	2023-11-07	704	--
Visual Studio Code Security: Markdown Vulnerabilities in Third-Party Extensions (2/3)	Paul Gerste	2023-11-14	2,378	--
SonarQube 10.3 Release Announcement	Robert Curlee	2023-11-15	503	--
Visual Studio Code Security: Finding New Vulnerabilities in the NPM Integration (3/3)	Thomas Chauchefoin, Paul Gerste	2023-11-20	1,748	--
Top issues in Java projects	Jonathan Vila	2023-09-26	971	--
Sonar is “On the Radar”: New Omdia Report	Katie Hyman	2023-11-29	453	--
Sonar keeps your secrets from leaking … unlike that "trusted" friend from …	Alexandre Gigleux	2023-11-07	653	--
Unraveling the Costs of Bad Code in Software Development	Liz Ryan	2023-12-05	611	--
Stop nesting ternaries in JavaScript	Phil Nash	2023-12-07	1,299	2
Spring framework pitfalls	Jonathan Vila	2023-12-11	1,252	--
pfSense Security: Sensing Code Vulnerabilities with SonarCloud	Oskar Zeino-Mahmalat	2023-12-11	2,177	3
Sonar @ Black Hat Europe!	Thomas Chauchefoin	2023-12-13	699	--
2024 Security Predictions from the Sonar Research Team	Johannes Dahse	2023-12-14	621	--
2024 DevOps Predictions from the Sonar Developer Advocate Team	Peter McKee	2023-12-21	910	--
AI-Generated Code Demands ‘Trust, But Verify’ Approach to Software Development	Tariq Shaukat	2024-04-11	1,389	--
C# Logging Best Practices with .NET	Denis Troller	2024-04-10	2,561	--
Apache Dubbo Consumer Risks: The Road Not Taken	Yaniv Nizry	2024-04-01	1,633	--
Ensuring the right usage of Java 21 new features	Jonathan Vila	2024-04-01	1,510	--
Technical debt’s impact on development speed and code quality	Bianka Banova	2024-03-27	831	--
DORA Compliance for Financial Entities: leveraging Sonar solutions to ensure code security …	Adam Surdy	2024-03-22	933	--
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices	Paul Gerste	2024-03-21	2,210	--
__dirname is back in Node.js with ES modules	Phil Nash	2024-03-21	911	3
#CleanCodeTips: Unlock Your Coding Potential	Peter McKee	2024-03-12	830	--
Reply to calc: The Attack Chain to Compromise Mailspring	Yaniv Nizry	2024-03-11	1,684	--
Are You Ready For PCI DSS 4.0?	Robert Curlee	2024-03-11	949	--
Increase readability with Java's Pattern Matching	Jonathan Vila	2024-03-04	638	1
OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways	Stefan Schiller	2024-02-29	1,945	--
White House emphasizes need for proactive coding practices to counter cyber attacks	Harry Wang	2024-02-29	782	--
Sonar Reaffirms Strength of its Information Security Management Systems by Earning The …	Andrea Malagodi	2024-02-27	349	--
How timely delivery comes from transparent outsourced software development communication	Liz Ryan	2024-02-27	1,000	--
Builders, Withers, and Records - Java’s path to immutability	Jonathan Vila	2024-02-21	927	--
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities	Stefan Schiller	2024-02-20	1,259	--
Union, intersection, difference, and more are coming to JavaScript Sets	Phil Nash	2024-02-15	1,280	115
Write cleaner React code with SonarQube 10.4	Phil Nash	2024-02-13	1,163	--
Introducing the new Sonar Web API V2	Aurélien Poscia	2024-02-08	935	--
Building the foundation for a strong AI future	Harry Wang	2024-02-08	466	--
5 Risks of Outsourcing Software Development and How to Avoid Them	Liz Ryan	2024-02-07	1,281	--
SonarQube 10.4 Release Announcement	Robert Curlee	2024-02-06	665	--
Pitfalls of Desanitization: Leaking Customer Data from osTicket	Oskar Zeino-Mahmalat	2024-02-06	1,991	--
Juliet C# Benchmark and the SecureString case	Gaëtan Ferry	2024-02-01	1,413	--
Who are you? The Importance of Verifying Message Origins	Stefan Schiller	2024-01-28	1,203	--
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins	Yaniv Nizry	2024-01-24	1,464	1
Sonar is helping make C# code clean as Microsoft ASP.NET Core Blazor …	Denis Troller	2024-01-23	963	--
Lessons learned upgrading to React 18 in SonarQube	Phil Nash	2024-01-17	1,212	--
Vulnerability Research Highlights 2023	Stefan Schiller	2024-01-03	1,572	--
Sonar's Scoring on the Top 3 Python SAST Benchmarks	Alexandre Gigleux	2023-12-28	442	--
Green Coding with Clean Code - A Recap of ecoCode Challenge Paris …	Fabrice Bellingard	2024-06-20	542	--
Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages	Paul Gerste	2024-06-17	1,978	--
Integrating SonarCloud with Amazon CodeCatalyst for Code Analysis	Manish Kapur	2024-06-10	668	--
An Open Letter to Sonar[Qube] Users	Lynne Doherty	2024-06-06	558	--
mXSS: The Vulnerability Hiding in Your Code	Yaniv Nizry	2024-05-27	2,965	1
Sonar Named Leader in G2 Spring Report	Zoe Bell	2024-05-20	331	--
Find Deeply Hidden Security Vulnerabilities with Deeper SAST by Sonar	Johannes Dahse	2024-05-15	1,054	--
Parallel Code Security: The Challenge of Concurrency	Stefan Schiller	2024-05-14	2,946	--
Code Interoperability: The Hazards of Technological Variety	Stefan Schiller	2024-05-07	3,428	--
Leveraging SonarQube, SonarCloud, and SonarLint for Effective Shift Left Practices	Manish Kapur	2024-05-01	1,240	--
Driving DevOps Transformation: Leveling Up CI/CD with Static Code Analysis	Tony Graham	2024-04-30	876	--
Legacy Codebases are a DevOps Issue	Ben Dechrai	2024-04-18	1,346	--
SonarQube 10.5 Release Announcement	Robert Curlee	2024-04-16	415	--
Dangerous Import: SourceForge Patches Critical Code Vulnerability	Stefan Schiller	2024-04-16	1,192	--
Sonar Named a Leader in G2 Grid Report for Sixteenth Consecutive Quarter	Zoe Bell	2024-07-23	420	--
Uncovering hidden security vulnerabilities with deeper SAST	Johannes Dahse	2023-08-08	1,507	--
AutoConfig: C++ Code Analysis Redefined	Abbas Sabra	2024-07-17	1,143	--
SonarQube 10.6 Release Announcement	Robert Curlee	2024-06-25	601	--
Announcing SonarQube 9.9 LTS!	Kirti Joshi	2023-02-07	744	--
What Code Issues Caused the CrowdStrike Outage?	Sonar	2024-07-25	1,229	--
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2)	Thomas Chauchefoin, Paul Gerste	2024-07-09	2,344	--
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail	Oskar Zeino-Mahmalat	2024-08-05	580	--
Using and Understanding SonarQube for Code Coverage	Manish Kapur	2024-07-08	1,093	--
[ON DEMAND] Watch Sonar Founder Olivier Gaudin Break Down the Need for …	Arden Gonzales	2024-08-15	743	--
Encoding Differentials: Why Charset Matters	Stefan Schiller	2024-07-15	2,136	3
Now Introducing, SonarCloud Enterprise and SonarCloud Team	Andrew Osborne	2024-07-31	692	--
The True Cost of Bad Code in Software Development	Liz Ryan	2024-06-27	678	--
Deliver high-quality ASP.NET Core web apps with Sonar.	Denis Troller	2024-07-24	1,121	--
Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire	Stefan Schiller	2024-08-13	1,357	--
How Sonar Helps Meeting NIST SSDF Code Security Requirements	Robert Curlee	2024-08-07	679	--
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2)	Thomas Chauchefoin, Paul Gerste	2024-07-02	2,279	2
How to Choose an LLM in Software Development	Manish Kapur	2024-08-27	1,687	--
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities	Yaniv Nizry	2024-09-02	1,268	--
How can Sonar help with ISO 27001 compliance?	Mark Clements	2024-09-03	684	--
Top security flaws hiding in your code - and how to fix …	Jonathan Vila	2024-09-09	1,311	--
Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix	Manish Kapur	2024-10-03	751	--
Building Confidence and Trust in AI-Generated Code	Manish Kapur	2024-10-03	930	--
SonarQube 10.7 Release Announcement	Robert Curlee	2024-10-04	759	--
Announcing Sonar's Support for Dart: Elevate Your Code Quality	Andrew Osborne	2024-10-07	710	--
Why Code Security Matters - Even in Hardened Environments	Stefan Schiller	2024-10-08	2,681	1
The Power of Taint Analysis: Uncovering Critical Code Vulnerability in OpenAPI Generator	Stefan Schiller	2024-10-22	1,401	--
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail	Yaniv Nizry	2024-11-05	1,835	2
Our commitment to you – and an update on severity ratings for …	Tom Howlett	2024-11-13	708	--
How to Trust AI Contributions to Your Codebase	Anirban Chatterjee	2024-11-14	1,319	--
A better (free) SonarQube experience	Fabrice Bellingard	2024-11-19	717	--
The new SonarQube free tier is here - get started today!	Andrew Osborne	2024-12-05	850	--
SonarQube Server 10.8 Release Announcement	Robert Curlee	2024-12-04	641	--
Software and AI in 2025 — Sonar Perspectives on What’s to Come …	Katie Hyman	2024-12-11	1,021	--
Never Underestimate CSRF: Why Origin Reflection is a Bad Idea	Paul Gerste	2024-12-10	1,782	--
Announcing Sonar's Support for Dart: Elevate Your Code Quality	Andrew Osborne	2024-10-07	826	--
Vulnerability Research Highlights 2024	Paul Gerste	2025-01-09	1,353	--
SonarQube for IDE: Our journey this year, and sneak peek into 2025	Farah Bouassida	2025-01-10	871	--
SonarQube Server 2025.1 LTA Release Announcement	Robert Curlee	2025-01-23	902	--
Enhancing Team Code Reviews with AI-Generated Code	Jonathan Vila	2025-01-27	1,166	--
The Tainted Voyage: Uncovering Voyager's Vulnerabilities	Yaniv Nizry	2025-01-27	1,655	--
9 More Reasons to Upgrade to SonarQube Server 2025.1 LTA	Colin Mueller	2025-02-05	1,644	--
Auto-Detect and Review AI-Generated Code from GitHub Copilot	Anirban Chatterjee	2025-02-13	643	--
SonarQube Server Wins DEVIES Award for Code Testing & Quality Management	Fabrice Bellingard	2025-02-14	707	--
The AI Revolution in Software Development: A New Era for Developers	Harry Wang	2025-02-11	660	--
Sonar Earns SOC 2 Type II Compliance	Andrea Malagodi	2025-02-12	732	--
Beware the Cookie Monster: Cyberhaven Extension Vulnerability Allowed Cookie Theft	Paul Gerste	2025-02-26	1,671	--
8 Reasons to Try SonarQube Free Tier	Manish Kapur	2025-02-26	817	--
The npm package of the Moment: How we migrated from a deprecated …	Sonar	2022-11-16	705	--
Maintainer burnout is real. Almost 60% of maintainers have quit or considered …	Sonar	2023-05-25	430	--
Evaluating the RAIL license family	Sonar	2022-11-01	2,861	--
Paying maintainers: the HOWTO	Sonar	2023-04-15	2,830	--
xz utils hack: what is it?	Sonar	2024-04-02	1,791	--
Evaluating an ethical license for corporate use	Sonar	2022-02-25	1,371	--
Will the new judicial ruling in the Vizio lawsuit strengthen the GPL?	Sonar	2024-01-16	1,903	--
Younger open source maintainers are significantly more likely to use AI-based coding …	Sonar	2023-10-22	1,127	--
8 ways to build your continuous vulnerability management strategy	Sonar	2023-05-21	656	--
The evolving landscape of open source licensing: What you need to know	Sonar	2022-09-10	1,113	--
The Red Hat IPO experiment to pay maintainers: 25 years later	Sonar	2023-08-12	1,580	--
Dependency management and your software health	Sonar	2022-02-08	599	--
AI-based coding tools are thriving, and maintainers have some valid concerns about …	Sonar	2022-10-17	1,240	--
Announcing SonarQube Advanced Security	Johannes Dahse	2025-03-11	914	--
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (1/2)	Oskar Zeino-Mahmalat	2025-03-18	1,699	--
SonarQube Server 2025 Release 2 Announcement	Robert Curlee	2025-03-26	309	--
Diving Into JumpServer: Attacker’s Gateway to Internal Networks (2/2)	Oskar Zeino-Mahmalat	2025-03-24	1,857	--
New Spring framework rules in SonarQube	Jonathan Vila	2025-03-26	1,633	--
Introducing Architecture as Code in SonarQube	Gabriel Vivas	2025-04-08	965	--
MISRA C++:2023 Compliance for Auto Safety and Reliability	Geoffray Adde	2025-04-15	815	--
Introducing support for Rust in SonarQube	Denis Troller	2025-04-17	564	--
Data in Danger: Detecting Cross-Site Scripting in Grafana	Paul Gerste	2025-04-24	1,290	--
Seven Habits of Highly Effective AI Coding	Tariq Shaukat	2025-04-30	1,293	--
Scripting Outside the Box: API Client Security Risks (1/2)	Oskar Zeino-Mahmalat, Paul Gerste	2025-05-13	1,704	--
7 Guidelines for Federal Agencies Adopting AI for Software Development	Sonar	2025-05-13	905	--
Scripting Outside the Box: API Client Security Risks (2/2)	Oskar Zeino-Mahmalat, Paul Gerste	2025-05-20	1,817	--
Advances in SonarQube's Bug Detection	Denis Troller	2025-05-28	1,691	--
SonarQube Advanced Security now available: Developer-first security for all code	Manish Kapur	2025-05-29	2,005	--
SonarQube Server 2025 Release 3 Announcement	Robert Curlee	2025-05-29	308	--
Double Dash, Double Trouble: A Subtle SQL Injection Flaw	Paul Gerste	2025-06-10	1,625	--
From database burden to cloud efficiency: Sonar's journey to faster processing & …	Claire Villard	2025-06-10	1,934	--
Vibe, then verify: How to navigate the risks of AI-generated code	Prasenjit Sarkar	2025-11-03	1,019	--
SonarQube Compare Community vs Developer vs Enterprise vs Data Center	Robert Curlee	2025-10-27	3,228	--
Introducing Scoped Organization Tokens for SonarQube Cloud	Andrew Osborne	2025-09-25	710	--
Introducing architecture in SonarQube	Olivier Gaudin	2025-12-16	839	--
Ollama Remote Code Execution: Securing the Code That Runs LLMs	Paul Gerste	2025-11-04	3,259	--
Tame technical debt with insights from The State of Code: Maintainability report	Anirban Chatterjee	2025-07-21	815	--
Cyber Resilience Act: Navigating speed and security with AI-coding	Anirban Chatterjee	2025-07-29	1,424	--
Java 22: Leverage unnamed variables and patterns	Jonathan Vila Lopez	2025-07-18	968	--
Securing Kotlin Apps With SonarQube: Real-World Examples	Paul Gerste, Oskar Zeino-Mahmalat	2025-07-15	1,560	--
SonarQube Named a Leader and Fast Mover in GigaOm's Application Security Testing …	Manish Kapur	2025-10-08	464	--
SonarQube Server 2025.5 release announcement	Robert Curlee	2025-09-24	676	--
Java 23: Embrace the new era of code comments	Jonathan Vila Lopez	2025-07-29	793	--
The Coding Personalities of Leading LLMs—GPT-5 Update	Prasenjit Sarkar	2025-08-27	1,224	--
Solving the Engineering Productivity Paradox	Tariq Shaukat	2025-06-17	799	--
Beyond cybersecurity awareness: Make a strategic shift to code security	Satinder Khasriya	2025-10-29	1,138	--
SonarQube Server 2025.6 is here: Vibe, then verify faster than ever	Robert Curlee	2025-12-11	663	--
Deploy SonarQube Server on Kubernetes with Terraform	Robert Curlee	2025-07-24	3,020	--
SonarQube IDE: Announcing support for AI-Native IDEs	Manish Kapur	2025-08-05	1,048	--
What's the top bug in your language? Find out in The State …	Anirban Chatterjee	2025-07-28	908	--
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations …	Yaniv Nizry	2025-06-30	1,730	--
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security	Andrew Osborne	2025-10-27	593	--
Quality assurance in the AI era: a leadership imperative, according to S&P …	Anirban Chatterjee	2025-09-10	798	--
Introducing native Jira Cloud integration for SonarQube Cloud	Andrew Osborne	2025-10-01	935	--
Sonar's Take: Software Development Under America's AI Action Plan	Nathan Jones	2025-08-04	1,086	--
Sonar honored in Fast Company's Next Big Things in Tech — Bringing …	Katie Hyman	2025-10-16	575	--
SonarQube Server 2025.4: Faster analysis, stronger security, better coverage	Robert Curlee	2025-07-31	439	--
Announcing SonarQube MCP Server: Bringing code quality into your AI workflow	Manish Kapur	2025-10-07	849	--
The Cloudflare outage and why code quality matters more than ever	Denis Troller	2025-12-08	1,208	--
How has AI changed your workflow? Share your story in Sonar's State …	Anirban Chatterjee	2025-10-01	231	--
Analysis evidence from SonarQube now available in JFrog AppTrust	Jeff Clawson	2025-09-09	901	--
Python Machine Learning: Care & Quality for Developers	Thomas Serre	2025-09-26	1,845	--
PyTorch tensors, neural networks and Autograd: an introduction	Thomas Serre	2025-10-28	1,856	--
The biggest security risks unveiled in The State of Code: Security report	Anirban Chatterjee	2025-07-14	923	--
Code Quality is the Source of Security Issues	Satinder Khasriya	2025-11-26	1,701	--
New data on code quality: GPT-5.2 high, Opus 4.5, Gemini 3, and …	Prasenjit Sarkar	2025-12-15	1,085	--
The State of Code: Introducing Sonar’s new code quality report series	Anirban Chatterjee	2025-07-07	967	--
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations …	Yaniv Nizry	2025-06-25	2,761	--
Seven indicators your codebase is unmanageable	Robert Curlee	2025-12-19	1,388	--
The Coding Personalities of Leading LLMs	Prasenjit Sarkar	2025-08-13	1,377	--
Announcing SonarSweep: Improving training data quality for coding LLMs	Tariq Shaukat	2025-10-21	731	--
Securing GitHub Actions With SonarQube: Real-World Examples	Yaniv Nizry	2025-10-14	1,816	--
How reasoning impacts LLM coding models	Prasenjit Sarkar	2025-09-03	1,806	--
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations …	Yaniv Nizry	2025-07-07	1,901	--
The inevitable rise of poor code quality in AI-accelerated codebases	Robert Curlee	2025-11-05	1,112	--
AI CodeFix is now generally available	Manish Kapur	2025-07-31	1,558	--
How SonarQube enables DORA compliance for financial institutions	Manish Kapur	2025-07-21	1,963	--
Protecting your AI code: How SonarQube defends against the "Rules File Backdoor"	Alexandre Gigleux	2025-07-23	745	--
Zombie Workflows: A GitHub Actions horror story	Paul Gerste	2025-12-09	2,042	--
A technical look at SonarSweep for GPT-OSS-20B	Joe Tyler	2025-12-04	634	--
SonarQube and Port: Bringing code quality and security metrics into your software …	Jeff Clawson	2025-10-13	662	--
Introducing Sonar Foundation Agent	Haifeng Ruan	2025-11-14	864	--
Java24: Go deeper on parsing Java class files and broader with Stream …	Jonathan Vila Lopez	2025-08-05	2,283	--
Day in the Life: Expanding Sonar into LATAM as a Country Manager	Josh Twaddle	2025-09-18	737	--
Securing Go Applications With SonarQube: Real-World Examples	Yaniv Nizry	2025-08-06	1,907	--
How Sonar Helps Achieve a Strong SOC 2 Type II Report	Mark Clements	2025-07-25	879	--
Code Security for Conversational AI: Uncovering a Zip Slip in EDDI	Paul Gerste	2025-09-16	1,319	--
Seventeen years later, code quality is more relevant than ever	Olivier Gaudin	2025-11-13	1,562	--
Achieve MISRA C++:2023 code compliance	Robert Curlee	2025-12-11	762	--
Sonar launches integration program to unify code governance across the SDLC	Jeff Clawson	2025-10-23	1,132	--
Diving into the 3 traits that define your LLM’s coding personality	Prasenjit Sarkar	2025-08-28	1,352	--
State of Code Developer Survey report: The current reality of AI coding	Anirban Chatterjee	2026-01-08	702	--
Vibe, then verify: SonarQube 2025 year in review	Manish Kapur	2026-01-08	1,551	--
Modernizing finance: Insights from a platform engineering leader	Robert Curlee	2026-01-14	744	--
Stop secrets before the commit: Join the beta for SonarQube's new secrets …	Alexandre Gigleux	2026-01-22	640	--
The AI trust gap: Why code verification matters	Ekaterina Okuneva	2026-01-22	614	--
Announcing SonarQube Server 2026.1 LTA	Robert Curlee	2026-01-29	996	--
How to choose your LLM without ruining your Java code	Jonathan Vila Lopez	2026-01-27	1,056	--
Shadow AI is already writing your code	Anirban Chatterjee	2026-01-29	838	--
Stop malicious packages in your CI/CD pipeline with SonarQube	Bill Nottingham	2026-02-04	898	--
Strategic visibility: Custom dashboards in SonarQube Cloud	Andrew Osborne	2026-02-05	692	--
The automation shift: Why 64% of developers use AI agentic tools	Ekaterina Okuneva	2026-02-05	853	--
Join us at Sonar Summit: A blueprint for the AI-driven SDLC	Amy Hays	2026-02-11	585	--
Beyond finding issues: Join the SonarQube Remediation Agent Beta	Prasenjit Sarkar	2026-02-11	465	--
The great toil shift: How AI is redefining technical debt	Prasenjit Sarkar	2026-02-12	681	--
Exploring your current architecture with SonarQube	Gabriel Vivas	2026-02-18	734	--
Claude Code + SonarQube MCP: Building an autonomous code review workflow	Killian Carlsen-Phelan	2026-02-18	790	--
PR-to-green: Automating quality gate success with Claude Opus 4.6 and SonarQube MCP	Killian Carlsen-Phelan	2026-02-18	1,243	--
How SonarQube minimizes false positives in code analysis below 5%	Manish Kapur	2026-02-19	1,230	--
Security that works for you: Exploring the new enhancements in SonarQube	Satinder Khasriya	2026-02-20	1,055	--
The intelligence paradox: Why Claude Opus 4.6 requires verification	Prasenjit Sarkar	2026-02-20	852	--
Managing the tricky relationship between AI and code security	Ekaterina Okuneva	2026-02-20	733	--
Thoughts on Claude Code Security	Manish Kapur	2026-02-23	1,286	--
Code generation tradeoffs: A comparison of Claude Opus 4.5 and 4.6	Killian Carlsen-Phelan	2026-02-24	961	--
The architecture gap: Why your code becomes hard to change	Robert Curlee	2026-02-26	1,686	--
How to optimize SonarQube for reviewing AI-generated code	Killian Carlsen-Phelan	2026-03-01	1,003	--
The future is AC/DC: the Agent Centric Development Cycle	Tariq Shaukat	2026-03-02	2,514	--
Code Architecture Management General Availability in SonarQube	Robert Curlee	2026-03-02	707	--
SonarQube Agentic Analysis Beta Program	Prasenjit Sarkar	2026-03-03	456	--
Introducing Sonar Context Augmentation	Manish Kapur	2026-03-03	518	--
Secure the AI SDLC with SonarQube CLI	Satinder Khasriya	2026-03-09	1,775	--
Secure the AI SDLC with SonarQube CLI	Satinder Khasriya	2026-03-09	1,775	--
Top 6 takeaways on the future of coding from Sonar Summit 2026	Amy Hays	2026-03-11	1,046	--
Mastering FastAPI quality standards with SonarQube	Jean Jimbo	2026-03-12	1,382	--
Cyber Resilience Act AI Automated Verification	Ekaterina Okuneva	2026-03-13	929	--
Code standards for resilient Flask web applications	Robert Curlee	2026-03-12	1,205	--
Automate GitHub Project Onboarding with SonarQube Cloud	Andrew Osborne	2026-03-13	583	--
Announcing native MCP Server in SonarQube Cloud	Andrew Osborne	2026-03-17	636	--
AI Can Write Java 25 Right with SonarQube \| AI Coding Assistant	Killian Carlsen-Phelan	2026-03-18	2,562	--
SonarQube Wiz Integration: Unified Code-to-Cloud Security	Jeff Clawson	2026-03-18	671	--
How to Scale Code Quality for AI-Generated Code	Ekaterina Okuneva	2026-03-18	993	--
From intent extra to RCE: Argument injection in YTDLnis	Paul Gerste	2026-03-24	2,618	--
Introducing Base Support for Code Verification & Review	Ekaterina Okuneva	2026-03-26	420	--
Announcing SonarQube Server 2026.2	Robert Curlee	2026-03-25	573	--
The future of software development is AC/DC	Manish Kapur	2026-03-31	1,259	--
An Architecture Review of GC-Toolkit with SonarQube	Chris Chedgey	2026-04-02	683	--
Why your supply chain attack surface is expanding	Manish Kapur	2026-04-07	2,845	--
Automatic analysis for Azure DevOps is here	Andrew Osborne	2026-04-13	625	--
BYOK Encryption Guide: Secure Your Code in SonarQube Cloud	Elena Vilchik	2026-04-14	1,413	--
Announcing SCIM for automated user management, with SonarQube Cloud	SonarSource	2026-04-14	667	--
Now available: SonarQube plugin for Claude Code	Anirban Chatterjee	2026-04-16	804	--
AI-First Engineering: How Cisco Reached Tech Debt Zero	Marissa Naab	2026-04-21	691	--
OpenAI GPT-5.5: an evaluation	Prasenjit Sarkar	2026-04-23	1,338	--
Claude Opus 4.7: An evaluation review & metrics benchmarks	Prasenjit Sarkar	2026-04-27	1,256	--
When linting is not enough	Nicolas Peru	2026-04-27	2,492	--
GPT-5.5's Biggest Blind Spot \| Java Bugs	Killian Carlsen-Phelan	2026-04-27	1,454	--
Arbitrary code execution and Claude Code CLI: How Claude executed code before …	Yaniv Nizry	2026-04-30	1,523	--
Why technical debt is still your team's biggest productivity drain	Anirban Chatterjee	2026-05-01	1,334	--
How SonarQube code coverage reporting works	Killian Carlsen-Phelan	2026-05-04	2,319	--
SonarQube architecture management keeps agent-generated code architecturally sound	Taylor Luttrell-Williams	2026-05-07	1,148	--
Import Your GitLab Group Into SonarQube Cloud	Andrew Osborne	2026-05-08	547	--
Automatically fix code backlog with SonarQube Remediation Agent	Prasenjit Sarkar	2026-05-13	982	--
Clean Codebase Reduces AI Token Costs by Up to 8.5%	Prasenjit Sarkar and Priyansh Trivedi	2026-05-14	1,463	--
Announcing SonarQube Server 2026.3	Robert Curlee	2026-05-20	400	--
Welcoming Gitar to Sonar: Accelerating AI Code Review	Tariq Shaukat	2026-05-21	583	--
Leader in Technical Debt Management \| GartnerÂ® Magic Quadrantâ¢	Robert Curlee	2026-05-21	508	--
Mini Shai-Hulud Targets AI Coding Agents	Killian Carlsen-Phelan	2026-05-26	1,525	--
SonarQube Remediation Agent Wins Best Innovation in AI for DevOps	Manish Kapur	2026-05-28	897	--
Now available: SonarQube plugin for GitHub Copilot CLI	Brooks Naylor	2026-06-01	676	--
Jellyfin RCE \| Inconsistent Validation Leads to Argument Injection	Paul Gerste	2026-06-02	2,599	--
Now available: SonarQube Agent App in GitHub	Brooks Naylor	2026-06-02	446	--
How SonarQube traces a SQL injection your AI coding agent produced	Killian Carlsen-Phelan	2026-06-03	1,242	--
The java.time Bugs That Donât Throw Exceptions	Killian Carlsen-Phelan and Jean Jimbo	2026-06-09	1,450	--
Loop engineering without verification is just automation	Prasenjit Sarkar	2026-06-11	1,713	--
Why Fable 5 Still Needs a Second Loop	Prasenjit Sarkar	2026-06-11	1,647	--
Testing Claude Fable 5: Built a Java Module & a Security Flaw	Killian Carlsen-Phelan	2026-06-11	1,895	--

Plushcap, by Matt Makai. 2021-2026.