Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues
2.8.2023 16:00:00 EEST | Business Wire | Press release
Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/
Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)
Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.
“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”
Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.
“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”
Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.
Achieving a Clean Code State
Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.
Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.
Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.
About Sonar
Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.
The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.
To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230802497889/en/
Contact information
Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Access Advance and Alibaba Announce Alibaba's Expanded Participation in the VDP Pool2.7.2026 03:00:00 EEST | Press release
Access Advance LLC and Alibaba Group today announced that Alibaba has joined the Access Advance Video Distribution Patent Pool (VDP Pool) as a Licensee, securing a license to the pool's comprehensive coverage of HEVC, VVC, VP9, and AV1 codec technologies. The announcement marks a milestone in a multi-year collaboration between the two companies that spans the VVC Advance Patent Pool, where Alibaba participates as both a Licensor and Licensee, and the VDP Pool, where Alibaba joined as a Licensor in 2025. Alibaba's subsidiary Youku, one of China's leading streaming platforms, also joined the VDP Pool as a Licensee in 2025. Alibaba operates one of the world's most diverse video ecosystems, spanning a wide range of video-based services across e-commerce, entertainment, and digital media. As video has become central to how consumers shop, communicate, and access entertainment, the breadth of Alibaba's video operations reflects the kind of business model complexity the VDP Pool was designed
Vertex Announces US FDA Approval for Expanded Use of CASGEVY ® for the Treatment of People Ages 2 Years and Older With Sickle Cell Disease or Transfusion-Dependent Beta Thalassemia2.7.2026 02:58:00 EEST | Press release
Vertex Pharmaceuticals Incorporated (Nasdaq: VRTX) announced today that the U.S. Food and Drug Administration (FDA) has approved expanded use of CASGEVY® (exagamglogene autotemcel) for the treatment of people ages 2 years and older with either sickle cell disease (SCD) with recurrent vaso-occlusive crises (VOCs) or transfusion-dependent beta thalassemia (TDT). CASGEVY is the first approved genetic therapy indicated for children as young as 2 years for both SCD and TDT. “Just as we redefined what is possible in cystic fibrosis, our ambition is to transform the future for people living with sickle cell disease and transfusion-dependent beta thalassemia. The remarkable consistency of results across age groups reinforces the potential of CASGEVY to deliver durable, transformative benefits to those who have historically had limited options,” said Reshma Kewalramani, M.D., Chief Executive Officer and President, Vertex. “We’re deeply grateful to the patients, families and investigators who pa
Robinhood Chooses Morpho to Power New Earn Product1.7.2026 22:15:00 EEST | Press release
Morpho, the open blockchain-based credit network, today announced it will power Robinhood’s new Earn product, enabling Robinhood's millions of eligible users more options to earn yield onchain via a self-custody wallet, directly within the Robinhood app. The product will roll out progressively to Robinhood's US customer base over the coming weeks. The Robinhood Earn product aims to provide risk-adjusted yield on idle balances using USDG, a dollar-pegged stablecoin. Morpho serves as the underlying credit network, Steakhouse Financial curates the vault infrastructure supporting the product, and Robinhood Chain acts as the settlement layer. The product is delivered through a seamless experience in the Robinhood app. Morpho operates as an open network on the blockchain. Lenders and borrowers compete in real time, helping create more efficient markets and enabling financial products with better rates and terms for users. USDG supplied through Robinhood Earn is deposited into a Morpho Vault
Photonics Innovators Worldwide Invited to Compete for SPIE Prism Awards1.7.2026 21:33:00 EEST | Press release
SPIE, the international society of optics and photonics, invites the optics and photonics community to apply for this year’s SPIE Prism Awards, which recognize outstanding new products making waves on the market. Honorees will be announced at the highly-anticipated award ceremony on 3 February 2027 at SPIE Photonics West in San Francisco, California. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260701642411/en/ SPIE Prism Awards honor exceptional new products transforming optics and photonics technologies. These awards, dubbed the “Oscars of Photonics,” provide scientists and engineers in the optics and photonics industry the opportunity to showcase their contributions to the field. Finalists and winners receive extensive print, web, and onsite promotion at SPIE Photonics West, which draws more than 22,000 researchers and industry leaders every year. “The Prism Awards are recognized across the optics and photonics industry
Around 500 Attend Sino-European ESG Conference in Germany1.7.2026 19:00:00 EEST | Press release
Around 500 government officials, business executives and academics from China and Europe gathered in the western German city of Mainz on Friday for the Third Sino-European Corporate ESG Best Practice Conference to discuss how deeper cooperation can support sustainable economic growth. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260701255421/en/ Group photo of selected attendees at the conference. Hosted by the Chinese Consulate General in Frankfurt and jointly organized with authorities from Germany and China, the conference brought together participants from China, Germany, France, Italy, the Netherlands, Denmark, Luxembourg and several other countries under the theme "From Vision to Practice: Empowering Sustainable Growth Through Collaboration." Francesco La Camera, Director-General of the International Renewable Energy Agency (IRENA), delivered a video address. Speaking at the opening ceremony, Huang Yiyang, Chinese Co
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom
