Sonar's latest blog posts
Solving the Engineering Productivity Paradox
Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.


Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (3/3)
In the final post of this series, we return to FortiClient, look at how the application works internally, and examine the crucial mistake that led us to uncover a local privilege escalation vulnerability.

The State of Code: Introducing Sonar’s new code quality report series
Sonar's new report series analyzes 7.9B lines of code to reveal the most common issues and how to fix them.

Day in the Life: What Being a Sonar Support Engineer Looks Like
What does a Support Engineer do and how could it ever be interesting? In our first "Day in the Life" series, Support Engineer Joe Tingsanchali shares what it's like in this role and what he's learned.

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (2/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In this second article, we will cover how attackers can use the compromised endpoint to achieve lateral movement within an organization.

Caught in the FortiNet: How Attackers Can Exploit FortiClient to Compromise Organizations (1/3)
We recently discovered critical vulnerabilities in Fortinet’s endpoint protection solution that enable attackers to fully compromise organizations with minimal user interaction. In the first post of the series, we will see how attackers can get the first foothold within an organization.

Solving the Engineering Productivity Paradox
There's a huge focus on speeding up code production using tools like GitHub Copilot, Cursor, and others. And the results are honestly stunning, but increasingly, the bottleneck popping up is in the code review phase. Sonar CEO, Tariq Shaukat, shares how AI-generated code absolutely must be reviewed before it's merged into your codebase, and how SonarQube can help.

From database burden to cloud efficiency: Sonar's journey to faster processing & lower costs
This post details how we cut the file storage cost on SonarQube Cloud by 90 percent while extracting 3.4 TB of data from a relational database to a more suitable storage option.

Double Dash, Double Trouble: A Subtle SQL Injection Flaw
Can a simple dash character introduce a security risk? Discover how SQL line comments can open the door to unexpected injection vulnerabilities in several PostgreSQL client libraries!

SonarQube Advanced Security now available: developer-first security for all code
Sonar is thrilled to announce a major leap forward: the General Availability (GA) of SonarQube Advanced Security! Building on the foundation trusted by over 7 million developers and 400,000 organizations for industry-leading code quality analysis, SonarQube now delivers the first fully integrated solution for developers to find and fix both code quality and code security issues across their entire codebase.

SonarQube Server 2025 Release 3 Announcement
SonarQube Server 2025 Release 3 unifies your tooling for code quality and code security with GA for Advanced Security (SCA & advanced SAST), Kotlin SAST support, more secrets detection, end of Early Access for AI CodeFix, expanded compliance (MISRA, CWE, OWASP Mobile), enhanced language coverage (Rust, Java, PySpark) and extended architectural protection.

Advances in SonarQube's Bug Detection
At Sonar we strive to provide the tools that help you create the highest quality code possible. One of the biggest quality challenges is finding the bugs that depend on how your application actually executes. SonarQube's advanced bug detection does just that.