Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues
2.8.2023 16:00:00 EEST | Business Wire | Press release
Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/
Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)
Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.
“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”
Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.
“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”
Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.
Achieving a Clean Code State
Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.
Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.
Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.
About Sonar
Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.
The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.
To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230802497889/en/
Contact information
Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
KATE Launches "KABUKE: Break Convention" Kabuki-Inspired International Campaign17.7.2026 10:00:00 EEST | Press release
Global cosmetics brand KATE launched “KABUKE: Break Convention,” a new international campaign drawing on elements of Kabuki, the traditional Japanese performing art. The campaign debuted on Wednesday, July 8, 2026. In this campaign, KATE’s shadow enhancing makeup—rooted in Japanese aesthetics—was paired with the Kabuki spirit inherited from traditional Kabuki theater to communicate the value of individuality and self‑expression through makeup on a global scale. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260708829427/en/ KATE international campaign “KABUKE: Break Convention” key visual. Dedicated website: https://www.kate-global.net/my/special/kate_kabuki/ Since its founding, KATE has championed the slogan “NO MORE RULES.,” offering makeup that defies convention and empowers individuals to express their identity and bring out confidence. At the heart of this vision is the brand’s signature shadow enhancing makeup approach
Yoshihiro Shimamura Joins the Marché du Film’s “Investors Circle 2026” as an Invited Investor, Backing a New Feature Film17.7.2026 04:00:00 EEST | Press release
Shimamura Yoshihiro Film Production Co., Ltd. (Head office: Osaka, Japan; Representative Director: Yoshihiro Shimamura), a company active in film production and investment, today announced that Representative Director Yoshihiro Shimamura has decided to invest in an international feature film after being invited to the “Investors Circle 2026” — a distinction that reflects his standing as one of the field’s most highly regarded producers and investors. Hosted by the Marché du Film, the business arm of the Festival de Cannes and one of the world’s largest film markets, the Investors Circle is an invitation-only summit that connects a select group of private investors with high-end feature films during early-stage financing. Held in Cannes, France, May 16-17, 2026, it brings internationally acclaimed directors and producers together with investors around a curated slate of projects in development. During the summit, Shimamura attended private pitching sessions and, after individual meeting
Meiji Seika Pharma: Results from the Global Phase III Trial (Integral-2) of Nacubactam, a Novel β-Lactamase Inhibitor, Highlighted in The Lancet Microbe ’s Coverage of ESCMID Global Congress 202617.7.2026 04:00:00 EEST | Press release
Meiji Seika Pharma Co., Ltd. (Headquarters: Tokyo, President and Representative Director: Toshiaki Nagasato) today announced that results from the global Phase III trial (Integral-2) of nacubactam (Development Code: OP0595), a novel β-lactamase inhibitor, were highlighted in The Lancet Microbe’s coverage of ESCMID Global Congress 2026 (held in Munich, Germany). As highlighted in The Lancet Microbe’s coverage, the key findings presented by Meiji Seika Pharma at ESCMID Global Congress 2026 are as follows: The Integral-2 study (jRCT2031230076) is a global Phase III clinical trial that enrolled patients with complicated urinary tract infections, acute uncomplicated pyelonephritis, hospital-acquired bacterial pneumonia, ventilator-associated bacterial pneumonia, or complicated intra-abdominal infections caused by carbapenem-resistant Gram-negative bacteria (excluding Acinetobacter species). The study has achieved the prespecified study objectives. For the primary endpoint of overall treatme
Takeda’s Zasocitinib Demonstrates Consistent, High Rates of Skin Clearance Across the Body, Including Hard-to-Treat and High-Impact Sites, in Phase 3 Psoriasis Studies17.7.2026 01:00:00 EEST | Press release
Takeda (TSE:4502/NYSE:TAK) announced new data from the two pivotal Phase 3 studies of zasocitinib (TAK-279), a next-generation, highly selective and potent oral tyrosine kinase 2 (TYK2) inhibitor, in adults with moderate-to-severe plaque psoriasis (PsO).1 Presented at the 2026 American Academy of Dermatology (AAD) Innovation Academy, these secondary endpoint data show that zasocitinib demonstrated consistent and high rates of skin clearance across hard-to-treat, high-impact sites, including the scalp, nails, palms and soles, compared with placebo.1-5 These data build on the topline results from the Phase 3 randomized, multicenter, double-blind, placebo- and active comparator-controlled LATITUDE PsO 3001 and 3002 studies.2,6 In those studies, about 70% of patients treated with zasocitinib achieved static Physician Global Assessment (sPGA) 0/1 (clear or almost clear skin) at week 16, with a significantly greater Psoriasis Area and Severity Index (PASI) 75 response rate seen as early as w
Merz Completes Inaugural €450 Million Schuldschein Loan Issuance17.7.2026 00:36:00 EEST | Press release
The Merz Group has successfully completed its first-ever Schuldschein loan issuance, placing a total volume of €450 million in the debt capital market – a multiple of three relating to the launch volume. The debut transaction was significantly oversubscribed and attracted strong interest from all investor groups. The proceeds were settled and paid out today. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260716926041/en/ Dr. Almuth Steinkühler, Chief Financial Officer Merz Group The transaction comprises both fixed- and floating-rate tranches with maturities of three, five, seven, and ten years. Around 50 German and international investors participated, representing a broad range of institutions, including private banks, German federal state-owned banks, public savings banks, cooperative banks, pension funds and occupational pension institutions. With the successful placement, Merz has further diversified its funding base by
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
