Heading to Lausanne for #Insomnihack ? Meet our team there; we're presenting two talks:

🔓 Finding vulnerabilities in JumpServer
🧹 Bypassing HTML Sanitizers with mXSS

Excited to see you there!

#BuildPropulsionLab at #Devoxx France 2024 with @jmargaritaN twitter.com/i/broadcasts/1…

CleverTap is a customer engagement platform that powers over 10,000 apps globally, helping customers retain their users. Check out our recent case study on how their development teams improved their code quality with SonarQube!

Read the full story 👉 bit.ly/3VV7kRf

The costs of bad code in software development must be mitigated for business success. thenewstack.io/unraveling-the… #DevOps #SoftwareDevelopment #Coding Sonar

🚀 SonarCloud & SonarQube 10.4 expand the scanning capabilities to include Helm Chart files, alongside the existing #Kubernetes support. No extra steps needed to scans your Helm Charts, Kubernetes templates, & values.yaml. #DevOps #K8s #HelmChart

🔍Uncovering critical vulnerabilities in Jenkins, which could lead to RCE (CVE-2024-23898, CVE-2024-23897):

Check out our latest blog post for the technical details on how attackers could potentially gain unauthenticated RCE on #Jenkins

sonarsource.com/blog/excessive…

#vulnerability

Nominations for Pwnie Awards. Talks at Black Hat, DEF CON, HEXACON. Success at Pwn2Own. Vulnerabilities in TeamCity, Proton Mail, Moodle, and much more. 2023 was definitely an exciting year for us!

sonarsource.com/blog/vulnerabi…

#appsec #security #vulnerability

🎂 To celebrate and honor SonarQube’s 15th anniversary, we’re looking back and reflecting on the milestones that led to the Clean Code solution we know so well today. Check out this timelapse video on how SonarQube’s UI has evolved since 2008!

🎉 Happy New Year! What's in store for 2024? Between rapidly evolving topics such as AI and post-quantum cryptography, Our Developer Advocate Team shares their predictions on what they foresee for big trends this coming year

Read their predictions here!
bit.ly/48jplvY

👁 Secrets Detection: Available in SonarLint, SonarQube, and SonarCloud empowers developers to identify leaked secrets at various stages of the code development process - from the IDE, throughout code repositories, and across the CI/CD lifecycle

bit.ly/47Z95zW

Critical vulnerabilities in pfSense firewall: RCE via XSS and Command Injection!
Find out how SonarCloud discovered these vulnerabilities in our newest blog post:
sonarsource.com/blog/pfsense-v…
(CVE-2023-42325, CVE-2023-42326, CVE-2023-42327)
#pfSense #vulnerability #cleancode

🌐 Sonar Research recently discovered multiple vulnerabilities in pfSense, using SonarCloud! pfSense CE 2.7.0 and pfSense Plus 23.05.1 are vulnerable to two XSS vulnerabilities and a Command Injection vulnerability ⬇️

🔹CVE-2023-42325
🔹CVE-2023-42327
🔹CVE-2023-42326

Peter McKee of Sonar pulled together #predictions from 6 experts on the future of coding in the age of #AI . Here are the software development #trends they expect to surface in 2024. vmblog.com/archive/2023/1…

#supplychain #genAI #Cryptography #security

🔝Top issues in #Java projects 🔝

👏 Having #cleancode in our projects is important, and every developer would agree on that

👉According to SonarLint telemetry, there are lots of issues that appear in the list of analyzed projects by Sonar

1/9
sonarsource.com/blog/top-issue…

In this blog, AWS Solutions Architect Patrick Madec and Sonar Cloud Solutions Architect Kornél Zoltán Kotán dive into how Sonar built a unified API on AWS!

Read the full story 👇
go.aws/4achGRx

Attending AWS re:Invent? Stop by Booth 193! Learn how SonarCloud and SonarQube seamlessly integrate with AWS DevOps services like CodeCommit, CodeBuild, CodePipeline, and CodeCatalyst, to ensure your code is bug-free and production-ready!

SonarQube 10.3 is LIVE! 🚀
✅ Enhanced Secrets Detection
✅ Clean Code Taxonomy Updates
✅ Clean as You Code Improvements
✅ Stronger Security Capabilities
✅ Plenty of language updates

Thread below 🧵 👇

SonarCloud Product News is here! Subscribe to receive information on product releases, events, and other updates, delivered directly to your email inbox. It’s never been easier to stay in the loop for all things SonarCloud.

Subscribe below 👇
sonarsource.com/products/sonar…

AI-driven real estate intelligence company, Recognyte, sees immediate ROI with Sonar! In this case study, learn how SonarCloud Quality Gates can act as a benefit, not a bottleneck, for streamlining the DevOps workflow

It's essential to remember that benchmarks are not universally reliable indicators of SAST performance, as they often serve broader purposes. In certain instances, vulnerabilities may intentionally be fabricated, rendering them undetectable.

bit.ly/3Qphru8