Sonar's latest blog posts
Solving the Engineering Productivity Paradox
Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.
Securing Kotlin Apps With SonarQube: Real-World Examples
Explore how real-world vulnerabilities look in the Kotlin code of Android apps and see how SonarQube helps detect them.
Read article >
The biggest security risks unveiled in The State of Code: Security report
The State of Code report analyzes 7.9B lines of code, revealing top security risks like log injection and XSS and how to fix them.
Read article >
Get new blogs delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privilege escalation vulnerability.
Read article >
The State of Code: Introducing Sonar’s new code quality report series
Sonar's new report series analyzes 7.9B lines of code to reveal the most common issues and how to fix them.
Read article >
Day in the Life: What Being a Sonar Support Engineer Looks Like
What does a Support Engineer do and how could it ever be interesting? In our first "Day in the Life" series, Support Engineer Joe Tingsanchali shares what it's like in this role and what he's learned.
Read Blog post >
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.
Read article >
Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of the series, we will see how attackers can get the first foothold within an organization.
Read article >
Solving the Engineering Productivity Paradox
There's a huge focus on speeding up code production using tools like GitHub Copilot, Cursor, and others. And the results are honestly stunning, but increasingly, the bottleneck popping up is in the code review phase. Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.
Read article >
From database burden to cloud efficiency: Sonar's journey to faster processing & lower costs
This post details how we cut the file storage cost on SonarQube Cloud by 90 percent while extracting 3.4 TB of data from a relational database to a more suitable storage option.
Read article >
Double Dash, Double Trouble: A Subtle SQL Injection Flaw
Can a simple dash character introduce a security risk? Discover how SQL line comments can open the door to unexpected injection vulnerabilities in several PostgreSQL client libraries!
Read article >
SonarQube Advanced Security now available: developer-first security for all code
Sonar is thrilled to announce a major leap forward: the General Availability (GA) of SonarQube Advanced Security! Building on the foundation trusted by over 7 million developers and 400,000 organizations for industry-leading code quality analysis, SonarQube now delivers the first fully integrated solution for developers to find and fix both code quality and code security issues across their entire codebase.
Read article >