Sonar Blog

Sonar's latest blog posts

Featured Post

Building Confidence and Trust in AI-Generated Code

To tackle the accountability and ownership challenge accompanying AI-generated code, we are introducing Sonar AI Code Assurance.

SonarQube Advanced Security now available: developer-first security for all code

Sonar is thrilled to announce a major leap forward: the General Availability (GA) of SonarQube Advanced Security! Building on the foundation trusted by over 7 million developers and 400,000 organizations for industry-leading code quality analysis, SonarQube now delivers the first fully integrated solution for developers to find and fix both code quality and code security issues across their entire codebase.

SonarQube Server 2025 Release 3 Announcement

SonarQube Server 2025 Release 3 unifies your tooling for code quality and code security with GA for Advanced Security (SCA & advanced SAST), Kotlin SAST support, more secrets detection, GA of AI CodeFix, expanded compliance (MISRA, CWE, OWASP Mobile), enhanced language coverage (Rust, Java, PySpark) and extended architectural protection.

Advances in SonarQube's Bug Detection

At Sonar we strive to provide the tools to help you to create the highest quality code possible. One of the biggest quality challenges is to find the bugs related to how your application is executed. SonarQube's advanced bug detection does just that.

Sonar Named Leader in G2 Spring Report

We are excited to share that the G2 Spring 2025 reports were recently released, and once again, Sonar has been named the LEADER in Static Code Analysis!

9 Steps to a Successful SonarQube Cloud Team Plan Trial

To maximize the benefits of your SonarQube Cloud Team Plan trial, it's essential to approach your free 14 days with a clear plan. Discover helpful tips to learn more about the product and get familiar with SonarQube Cloud Team Plan capabilities.

Scripting Outside the Box: API Client Security Risks (2/2)

Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices.

7 Guidelines for Federal Agencies Adopting AI for Software Development

With the release of two new Artificial Intelligence (AI) policies, the White House has provided clear direction for federal agencies regarding how to embrace AI to improve efficiency, effectiveness, and overall service delivery.

Scripting Outside the Box: API Client Security Risks (1/2)

Discover hidden risks in API testing tools like Postman and Insomnia. We dive into scripting vulnerabilities and explore JavaScript sandbox security pitfalls.

Seven Habits of Highly Effective AI Coding

Massive codebases can hugely benefit from developers using AI coding tools, but they must be harnessed in a responsible way. Sonar CEO, Tariq Shaukat, shares what coding "habits" organizations should adopt.

Data in Danger: Detecting Cross-Site Scripting in Grafana

Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.

Introducing support for Rust in SonarQube

The popularity of the Rust programming language is growing. Rustaceans have been asking for SonarQube to support Rust and now it's here!
