Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues
Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/
Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)
Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.
“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”
Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.
“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”
Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.
Achieving a Clean Code State
Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.
Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.
Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.
About Sonar
Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.
The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.
To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230802497889/en/
Contact information
Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Scientist.com Wins Supplier Management Excellence Award at B2B Ecommerce Awards6.11.2025 16:43:00 EET | Press release
Scientist.com, the leading AI-enabled R&D orchestration platform for the life sciences, has been named the winner of the Supplier Management Excellence award at the prestigious B2B Ecommerce Awards. The honor recognizes organizations that set new standards in supplier network innovation, integration, and performance to deliver superior customer value. “Winning this award is a tremendous honor and a testament to our team’s relentless focus on simplifying and accelerating R&D,” said Andrew Nashed, VP, Supplier Relations at Scientist.com. “Our platform automates and optimizes the complex process of supplier management, enabling scientists to focus on innovation while we handle compliance, integration, and operational efficiency.” Scientist.com was recognized for its industry-leading approach to building and managing the world’s largest network of scientific service providers. Its technology-driven platform connects pharmaceutical, biotech, and academic researchers with over 6,000 pre-qual
CoMotion GLOBAL 2025 Unveils ‘Mayors in Motion’ Initiative: 100+ City Leaders to Accelerate Urban Innovation6.11.2025 16:00:00 EET | Press release
CoMotion GLOBAL, the world’s most influential gathering of urban mobility leaders, today announced the launch of Mayors in Motion, a landmark initiative uniting more than 100 global mayors and city leaders to accelerate urban innovation and sustainable development. The program will debut at the upcoming CoMotion GLOBAL conference in Riyadh, December 7–9, underscoring the summit’s growing role as a catalyst for collaboration among the world’s most forward-thinking cities. Designed to drive progress toward more connected, sustainable, and inclusive cities, Mayors in Motion will serve as a powerful global network for city leaders to exchange insights, coordinate strategies, and champion practical solutions. Through this coalition, participating mayors will collaborate to address critical shared challenges – from decarbonization and digital transformation to equitable access and urban resilience. The inaugural program features an exceptional lineup of current and former mayors alongside se
Game Developers Can Now Strengthen Player Loyalty and Security With Xsolla’s Expanded Fintech Ecosystem This Holiday Season6.11.2025 16:00:00 EET | Press release
Xsolla, a global video game commerce company that helps developers launch, grow, and monetize their games, today announced the expansion of its fintech ecosystem with a new suite of Xsolla-owned payment methods just in time for the busy holiday sales season, when transactions surge. Reliable payment solutions are essential for success. These solutions are designed to help developers strengthen player loyalty, reduce transaction friction, and maintain secure, trusted checkout experiences across global markets. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251106730479/en/ (Graphic: Xsolla) As the gaming industry enters its peak seasonal spending period and focuses on sustaining loyal player engagement, Xsolla continues to invest in fintech innovations that connect all aspects of commerce, rewards, and security. Xsolla’s owned payment portfolio includes Xsolla Gold Gift Cards (both physical and digital) and the Xsolla Pay Loy
FIA Collaborating With Leading American University to Examine the Role of AI in Tackling Online Abuse in Sport6.11.2025 16:00:00 EET | Press release
The Fédération Internationale de l'Automobile (FIA), the global governing body for motor sport and the federation for mobility organisations worldwide, has today announced a landmark research collaboration with the University of Notre Dame, a leading research university in the United States. Supported by the FIA Foundation, the collaboration will strengthen the global response to online abuse in sport through joint research and innovation. The agreement sets out a framework for collaborative research projects between the FIA and the University of Notre Dame. These will focus on the causes, impact, and prevention of online abuse in sport, including the emerging role of artificial intelligence (AI) in both the spread of harmful content and the development of potential solutions. Additionally, they will examine how online abuse intersects with identity, alongside athlete experiences, mental health, and the regulatory response of sports federations. The University of Notre Dame and United
Tigo Energy Modernizes Installer Experience with All-Digital Installation Resources6.11.2025 16:00:00 EET | Press release
Tigo Energy, Inc. (NASDAQ: TYGO) (“Tigo” or “Company”), a leading provider of intelligent solar and energy software solutions, today unveiled a comprehensive upgrade to the way the Company supports solar installers with product documentation during the installation process. Beginning in November 2025, new Tigo TS4 Flex MLPE product shipments will replace printed installation manuals with digital documentation accessible via QR codes prominently displayed directly on each product box. The change to digital documentation gives installers instant access to the most current installation guides, immersive visual guides and videos, and localization for languages in the markets Tigo serves. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20251106349149/en/ Tigo’s new QR code system replaces printed manuals, giving installers like Mann Solar on-demand access to current installation guides and localized documentation. In the spirit of T
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom