Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues
2.8.2023 16:00:00 EEST | Business Wire | Press release
Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/
Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)
Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.
“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”
Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.
“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”
Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.
Achieving a Clean Code State
Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.
Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.
Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.
About Sonar
Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.
The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.
To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230802497889/en/
Contact information
Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Wolters Kluwer Integrates Legal Intelligence Platform With Libra Legal AI Workspace in the Netherlands14.7.2026 10:00:00 EEST | Press release
Wolters Kluwer Legal & Regulatory today announced the integration of its Legal Intelligence multi-content-provider platform with the Libra by Wolters Kluwer AI workspace in the Netherlands. Dutch legal professionals will now be able to access more than 5000 additional pieces of expert legal content from Wolters Kluwer and third-party content providers as well as public sources in addition to the existing content offerings in Libra. “By bringing Legal Intelligence into Libra, we move beyond traditional search to truly integrated, AI-driven workflows,” said Rimco Spanjer, Vice President & Managing Director, Wolters Kluwer Legal & Regulatory Benelux. “Combining our authoritative content with trusted third-party sources in one AI workspace enables legal professionals to work smarter every day.” The integration will include trusted legal content from Kluwer Law International, Ars Aequi, Amsterdam University Press, Celsus Juridische uitgerij, Iustitia Scripta, M.A.D.Lex, MOC Uitgeverij, NL-F
Empire State Building Observation Deck Debuts New Family Bundle Ticket Options13.7.2026 23:30:00 EEST | Press release
The Empire State Building Observation Deck (ESBOD), atop the “World’s Most Famous Building,” announced today new ticket bundle options for families of all ages to save on their visit to the famed New York City landmark. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260713003884/en/ Empire State Building Observation Deck Debuts New Family Bundle Ticket Options Groups of four who purchase the new Family Ticket Bundle can save up to 20 percent on tickets to the Empire State Building’s iconic 86th and 102nd Floor Observation Decks, with options for express access and flex admission. The Family Ticket Bundle is available online only. “The Empire State Building Observation Deck is one of the best activities for families in NYC with immersive, educational museum exhibits and Manhattan’s best skyline views,” said Dan Rogoski, observatory general manager. “There is no better place to make family memories than at the #1 attraction in
Kinaxis Inc. to Host Second Quarter 2026 Financial Results Conference Call on August 6, 202613.7.2026 23:05:00 EEST | Press release
Kinaxis® Inc. (TSX:KXS), a global leader in end-to-end supply chain planning and orchestration, today announced that it has scheduled a conference call to discuss its financial results for the second quarter ended June 30, 2026. The call will be hosted on Thursday, August 6, 2026, at 8:30 a.m. Eastern Time by Razat Gaurav, Chief Executive Officer, and Peter Yaraskavitch, Vice President, Financial Planning and Analysis, followed by a question and answer period. The Company will report its financial results for the second quarter after the close of markets on Wednesday, August 5, 2026. CONFERENCE CALL DETAILS DATE: Thursday, August 6, 2026 TIME: 8:30 a.m. Eastern Time WEBCAST: https://events.q4inc.com/attendee/854228135 (available for three months) About Kinaxis Kinaxis is a leader in modern supply chain orchestration, powering complex global supply chains and supporting the people who manage them. Our powerful, AI-infused supply chain orchestration platform, Maestro, combines proprietar
PagerDuty Announces Arnaud Lagarde, Vice President of EMEA13.7.2026 23:05:00 EEST | Press release
PagerDuty, Inc. (NYSE: PD), a leader in AI-first operations management, today announced the appointment of Arnaud Lagarde as vice president of EMEA. Lagarde will lead PagerDuty’s next phase of growth in the EMEA region, bringing the entire incident management lifecycle to customers across EMEA to solve their biggest digital challenges. “We are thrilled to appoint Arnaud as vice president of EMEA, since he brings a wealth of enterprise sales relationships and years of experience growing this region,” said Todd McNabb, chief revenue officer at PagerDuty. “Arnaud brings a specific combination of deep technical expertise and leadership that will be critical for PagerDuty’s customers, partners and employees. He is a great fit for PagerDuty and we look forward to his impact.” Lagarde brings to the role over 20 years of experience spanning companies like Automation Anywhere, CA Technologies and BMC. Over the past two decades, he has worked closely with founders, investors and executive teams
Samos Energy Acquisition Corporation Announces Closing of $230 Million Initial Public Offering13.7.2026 22:42:00 EEST | Press release
Samos Energy Acquisition Corporation (the “Company”) announced today the closing of its initial public offering (“IPO”) of 23,000,000 units, including the full exercise by the underwriters of their overallotment option to purchase an additional 3,000,000 units. The offering was priced at $10.00 per unit, resulting in gross proceeds to the Company of $230,000,000. The units began trading on the New York Stock Exchange (the “NYSE”) under the ticker symbol “SAMO.U” on July 10, 2026. Each unit consists of one Class A ordinary share and one-half of one redeemable warrant, with each whole warrant entitling the holder thereof to purchase one of the Company’s Class A ordinary shares at an exercise price of $11.50 per share. Once the securities comprising the units begin separate trading, the Class A ordinary shares and warrants are expected to be listed on the NYSE under the symbols “SAMO” and “SAMO.WS,” respectively. Of the proceeds received from the consummation of the initial public offerin
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
