Home / Companies / Sonar / Blog / March 2023

March 2023 Summaries

10 posts from Sonar

Filter
Month: Year:
Post Summaries Back to Blog
This vulnerability in LibreNMS, a monitoring solution developed in PHP, can be exploited by an unauthenticated attacker to gain remote code execution by sending a single SNMP trap. The vulnerability is due to a lack of proper output encoding and the use of user-controllable values in the event type parameter, which can lead to cross-site scripting (XSS) attacks. The impact of this vulnerability is greatly increased due to the Alert Template feature, which uses the Blade template engine without proper sandboxing. The patch has been released in version 22.11.0, and it's recommended to update any instance with a version prior to this release. A defense-in-the-depth approach is crucial to prevent such vulnerabilities, and safe alternatives to run untrusted data in a template engine should be used.
Mar 29, 2023 1,704 words in the original blog post.
Clean Code is a methodology that aims to derive value from your DevOps workflow by focusing on coding best practices, universally understood and implemented across the organization, to produce code that is easy to read, understand, and modify, scalable, collaborative, debuggable, and maintainable. Sonar is the solution for developers and teams to achieve a Clean Code state in their codebase through systematic development and delivery, reducing risk exposure, sustaining software performance, achieving more innovation with less rework, and attracting and retaining top developer talent. The Clean as You Code methodology enables developers and organizations to optimize the quality of their codebase by focusing solely on added or changed code, progressively improving the overall quality of the entire codebase with minimal cost and effort.
Mar 28, 2023 1,055 words in the original blog post.
You're building cloud-native apps with new technologies and concepts, which can lead to security gaps if not handled properly. This is where Clean Code comes in - a methodology that ensures coding issues don't make it into production, directly affecting the quality and security of your app. Sonar has the tools and process to help you achieve this, allowing developers to affect the quality and security of their cloud-native code directly. By adopting Clean Code, you'll learn how to safely build cloud-native apps that are secure, reliable, and meet user expectations.
Mar 23, 2023 306 words in the original blog post.
SonarLint has identified 300+ rules in TypeScript projects, with five common issues that are frequently invoked to flag bugs or security hotspots. These issues can have varying consequences on the application, from confusing types to memory leaks and hard-to-spot bugs. The top 5 issues are optional property declarations, creating and dropping objects immediately, unused local variables and functions, non-empty statements that don't change control flow or have a side-effect, and assignments within sub-expressions. SonarLint can help developers catch these issues as they write code, saving time and keeping the code clean and bug-free. By addressing these common issues, developers can ensure their application is more maintainable in development and works better in production.
Mar 20, 2023 615 words in the original blog post.
SonarQube 9.9 LTS introduces several features dedicated to delivering clean code, leveraging cloud-native technologies such as Infrastructure as Code (IaC) and supporting various cloud providers like AWS, GCP, Azure, Terraform, Kubernetes, Docker, and more. The new version includes security-focused rules for S3 Buckets, Permissions, Encryption at Rest and Transit, Traceability, and features to detect insecure configurations in AWS CDK code, injection vulnerabilities in AWS Lambdas, code quality issues in Python and JavaScript/TypeScript projects, and secrets/tokens in major cloud providers. With SonarQube 9.9 LTS, developers can ensure their cloud-native apps are written with clean code, secure, and reliable, covering over 30 languages, frameworks, and cloud technologies.
Mar 16, 2023 488 words in the original blog post.
SonarQube version 9.9 LTS has been released, offering significant improvements and new features. The update starts up 35% faster than its predecessor, reducing downtime and improving troubleshooting. It also detects file moves in pull requests, encrypts DevOps Platform Secrets, anonymizes user details using the Web API, supports new language versions, and improves detection of inactive projects among other enhancements. Additionally, it introduces features like delegated Quality Gate administration, in-app notifications for new versions, parallel processing of analysis reports, and more. The upgrade is free and can be performed in a few clicks, with resources available to help teams prepare and get started.
Mar 13, 2023 1,021 words in the original blog post.
Clean Code is important to me because it enables developers to reduce technical debt, focus on creating new technologies that change the world, and ultimately create better software. It's a standard that should be met in all development work, allowing for quality code reviews, efficient coding, and effective problem-solving. As someone who values clean code, I believe it will become the norm in the tech industry, making it easier for developers to produce high-quality software.
Mar 08, 2023 2,577 words in the original blog post.
Here's a neutral and interesting summary of the text: SonarLint has identified assignments within sub-expressions as its number one issue in TypeScript projects, due to their potential to cause hard-to-spot bugs. This issue can be particularly challenging to identify, especially in more complex codebases, but is often caught by testing, linting, or tooling like SonarLint. In addition to this issue, SonarLint has also identified other common problems in TypeScript projects, including optional property declarations, creating and dropping objects immediately, unused local variables and functions, non-empty statements, and assignments within sub-expressions that affect readability. By using SonarLint, developers can avoid these issues and write more robust and maintainable code.
Mar 08, 2023 895 words in the original blog post.
You are now able to download the latest long-term support version of SonarQube, which offers improved features and security patches, including a checklist for administrators to ensure a smooth upgrade process. Before starting the upgrade, review critical documentation, such as the release notes, plugin compatibility matrix, and database maintenance guides, to evaluate requirements and potential issues. A test environment setup with production-like specs allows you to practice the upgrade process, request a test license, and run performance-tuned scans to validate everything is running as expected. During the upgrade, notify users, update scanners, and execute the final steps, while reviewing quality gates and seeking assistance from the Sonar community or commercial support if needed.
Mar 06, 2023 912 words in the original blog post.
SonarLint, a tool designed to catch common issues in code, has identified non-empty statements that don't change control flow or have side effects as its second most common issue in TypeScript projects. These issues can manifest in various ways, such as empty comparison statements, missing parentheses in function calls, and missing return statements in functions like those used in React components. While exceptions to this rule exist, such as supporting Internet Explorer, it's generally recommended to avoid writing code that causes side effects from property access. To catch these issues early, using a linter like SonarLint can be beneficial, and the top 5 most common issues will be revealed in a series of blog posts, with number one being a yet-to-be-identified bug or typo.
Mar 01, 2023 926 words in the original blog post.