Sonar's latest blog posts

Featured Post

Welcoming Gitar to Sonar

Sonar has acquired Gitar, adding a new, critical layer to its multilayer, zero-trust code verification platform. Gitar is an AI code review solution, and it doesn’t just flag issues; it also generates the fix, validates it against the CI, and commits to the branch.

How SonarQube traces a SQL injection your AI coding agent produced

Learn how SonarQube traces SQL injection across Spring Boot files using taint analysis to expose unsafe database queries from user input.

Now available: SonarQube Agent App in GitHub

Learn how the SonarQube Agent App brings code quality and security checks directly into GitHub agent workflows for faster feedback.

Jellyfin remote code execution: Inconsistent validation leads to argument injection

Explore a Jellyfin remote code execution flaw where inconsistent validation enables FFmpeg argument injection and unauthenticated code execution.

Now available: SonarQube plugin for GitHub Copilot CLI

Connect GitHub Copilot CLI to SonarQube for quality gates, dependency risk checks, coverage insights, and agent-driven analysis.

SonarQube Remediation Agent Wins Best Innovation in AI for DevOps

SonarQube Remediation Agent wins AI TechAward for helping developers fix code issues faster while keeping security and quality in check.
