🎂 To celebrate and honor SonarQube’s 15th anniversary, we’re looking back and reflecting on the milestones that led to the Clean Code solution we know so well today. Check out this timelapse video on how SonarQube’s UI has evolved since 2008!

Nominations for Pwnie Awards. Talks at Black Hat, DEF CON, HEXACON. Success at Pwn2Own. Vulnerabilities in TeamCity, Proton Mail, Moodle, and much more. 2023 was definitely an exciting year for us! sonarsource.com/blog/vulnerabi… #appsec #security #vulnerability

🔍Uncovering critical vulnerabilities in Jenkins, which could lead to RCE (CVE-2024-23898, CVE-2024-23897): Check out our latest blog post for the technical details on how attackers could potentially gain unauthenticated RCE on #Jenkins sonarsource.com/blog/excessive… #vulnerability

🚀 SonarCloud & SonarQube 10.4 expand the scanning capabilities to include Helm Chart files, alongside the existing #Kubernetes support. No extra steps needed to scans your Helm Charts, Kubernetes templates, & values.yaml. #DevOps #K8s #HelmChart

The costs of bad code in software development must be mitigated for business success. thenewstack.io/unraveling-the… #DevOps #SoftwareDevelopment #Coding Sonar

As an RPC client, I invoke functions on other servers, what can go wrong?🧐 Learn more on the security risks Apache Dubbo’s consumers face: sonarsource.com/blog/apache-du… #appsec #security #apache

CleverTap is a customer engagement platform that powers over 10,000 apps globally, helping customers retain their users. Check out our recent case study on how their development teams improved their code quality with SonarQube! Read the full story 👉 bit.ly/3VV7kRf

#BuildPropulsionLab at #Devoxx France 2024 with @jmargaritaN x.com/i/broadcasts/1…

Heading to Lausanne for #Insomnihack? Meet our team there; we're presenting two talks: 🔓 Finding vulnerabilities in JumpServer 🧹 Bypassing HTML Sanitizers with mXSS Excited to see you there!

📣 We have a new President of Field Operations – Lynne Doherty A sales leader with 20+ years of experience, and a developer at heart, we are thrilled to have Lynne join the Sonar team and help us bring Clean Code to developers around the world 🤗

The simple <script> XSS didn’t work? Don’t give up before trying some mXSS magic🪄. Get to know the fundamentals of this bug class on your way to becoming a master of sanitizer bypasses: sonarsource.com/blog/mxss-the-… #appsec #security #vulnerability #mXSS

SonarQube 10.6 is LIVE! 🚀 ✅ SonarQube runs in a FIPS-enforced environment ✅ C and C++ autoconfiguration ✅ Set rule priority to uphold your coding standards ✅ Added Scikit-learn library support for Python AI/ML practitioners. 🧵👇

Sonar Team members between Geneva, Austin, Bochum, London, and Singapore joined in their respective home offices for Petit Raout 2024! Between go-kart racing, mini golf, and wood-cutting classes, the teams brainstormed initiatives to grow the company and build upon its culture

😳 We actually hit 10,000 followers!! 🎉 Thank you all for being a part of our vulnerability research journey and mission to turn code into #CleanCode. Over the years, we've uncovered some wild bugs. Let's take a look back at our personal highlights... 🧵👇

Join Peter McKee on August 28 for a Sonar Virtual Event to discover how implementing static code analysis in our CI/CD pipeline is crucial to optimizing code quality! Register here 👇 sonarsource.zoom.us/webinar/regist…

Announcing the addition of Cloud Application Security Assessment (CASA) reports in SonarCloud. Aligned with OWASP ASVS, CASA helps secure apps with sensitive data, boosting your security posture. Coming soon to SonarQube as well 🙂 #AppSec #Security #OWASP

Level Up Your Software Quality With Static Code Analysis | By Robert Curlee, thanks to Sonar thenewstack.io/level-up-your-… #CICD #SoftwareTesting #CyberSecurity

Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker come together to persistently leak emails from a victim's browser. Read about it here: sonarsource.com/blog/governmen… (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)