Sonar is constantly evolving its code analyzer to help developers write Clean Code by detecting severe code vulnerabilities in modern open-source applications. The company's dedicated research team finds and inspects vulnerabilities to improve the product and reports them to vendors, while also publicly sharing its findings with the developer community. In 2022, Sonar identified over 50 severe vulnerabilities in popular applications across various software categories, including web frameworks, CMS, mail solutions, supply chain attacks, developer tools, and monitoring solutions. These vulnerabilities were found through a combination of research and audits, and include issues such as stored XSS, prototype pollution, and argument injection. Sonar also participated in the Pwn2Own hacking contest and was nominated for several Pwnie Awards, recognizing its contributions to the security community. The company's research team engages with the developer community through conferences, talks, and online publications, sharing knowledge and insights on software security best practices.