はてなブックマーク

Blog post A comprehensive guide to the dangers of Regular Expressions in JavaScript I first heard about regular expression denial of service (ReDoS) vulnerabilities from GitHub's Dependabot. Several of my projects over the years have had dependencies that suffered from ReDoS vulnerabilities, and I would bet that if you've built any JavaScript project with dependencies, you've also come across this

SonarQube fits seamlessly into the developer workflow, from IDE to CI/CD, delivering integrated code quality and security through advanced SAST, SCA, IaC scanning, and secrets detection. Trusted by millions of developers, it ensures comprehensive coverage for first-party, AI-generated, and third-party code. By automatically detecting issues early, you can fix problems faster, reduce rework, and sh

Featured PostAnnouncing SonarSweep: Improving training data quality for coding LLMs Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues. Blog postBeyond cybersecurity awareness: Make a strategic shift to code securityOctob

Advanced linter for better code quality and stronger security Start left and discover issues early. SonarQube for IDE takes linting to another level empowering you to find & fix code issues in real time.

Sonar offers a single cohesive solution with a consistent set of metrics and hundreds of static analysis rules to detect your coding issues early. Plus fast and high-precision analysis means high value, low noise, and reliable results always. A single solution for dozens of popular languages, development frameworks and IaC platforms

Sonar helps development teams fuel AI-enabled development and build trust into every line of code.

SonarQube Server automates code quality and security reviews and provides actionable code intelligence so developers can focus on building better, faster. Deployed by you where you work: on-prem or in the cloud.