Business Wire

Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues

2.8.2023 16:00:00 EEST | Business Wire | Press release

Share

Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)

Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.

“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”

Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.

“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”

Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.

Achieving a Clean Code State

Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.

Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.

Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.

About Sonar

Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.

The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.

To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Samos Energy Acquisition Corporation Announces Pricing of Initial Public Offering10.7.2026 16:32:00 EEST | Press release

Samos Energy Acquisition Corporation (the “Company”) announced today the pricing of its initial public offering (“IPO”) of 20,000,000 units at a price of $10.00 per unit. The units will be listed on the New York Stock Exchange (the “NYSE”) and trade under the ticker symbol “SAMO.U” beginning on July 10, 2026. Each unit consists of one Class A ordinary share and one-half of one redeemable warrant, with each whole warrant entitling the holder thereof to purchase one of the Company’s Class A ordinary shares at an exercise price of $11.50 per share. Once the securities comprising the units begin separate trading, the Class A ordinary shares and warrants are expected to be listed on the NYSE under the symbols “SAMO” and “SAMO.WS,” respectively. Cantor Fitzgerald & Co. is acting as the sole book running manager for the proposed offering. The Company has granted the underwriter a 45-day option to purchase up to an additional 3,000,000 units at the IPO price. The public offering is being made

Onera hPSG ® Wins Prestigious Red Dot Product Design Award10.7.2026 16:00:00 EEST | Press release

Onera Health, a leader in transforming sleep medicine, announces that its innovative product, Onera hPSG®, has been honoured with the prestigious Red Dot Product Design Award for 2026. This international recognition celebrates exceptional design quality and underscores Onera Health's commitment to excellence, creativity, and patient-centric innovation. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260710266668/en/ Onera Health's patch-based home polysomnography solution, Onera hPSG®, wins Prestigious Red Dot Product Design Award 2026. The Red Dot Award, one of the most sought-after seals of quality for good design, attracted thousands of entries from around the globe. Onera hPSG® stood out for outstanding functionality, striking aesthetics, and thoughtful user experience. The expert jury praised the product for translating complex sleep diagnostics into a wearable, easy-to-use system that enables low-threshold application.

teamLab Biovortex Kyoto Welcomes Over 1 Million Visitors within 9 Months of Opening10.7.2026 10:00:00 EEST | Press release

teamLab Biovortex Kyoto has welcomed over 1 million visitors as of July 6, 2026, 9 months after its grand opening. (*1) These visitors arrived from more than 150 countries and regions. International visitors account for approximately 42% of the total. Many of these international visitors travel from distant countries and regions, including the United States, Australia, Canada, the United Kingdom, and Germany. Approximately 30% of these international visitors purchase their tickets at least 30 days in advance. teamLab Biovortex Kyoto is teamLab's largest museum in Japan, with an average visitor stay of over two and a half hours. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709913938/en/ teamLab Biovortex Kyoto Welcomes Over 1 Million Visitors within 9 Months of Opening *1 According to ticket purchase data from the official teamLab Biovortex Kyoto website (survey period: October 7, 2025 – July 6, 2026) Visitors Comment (M

Robbyant Launches LingBot-VA 2.0 Built Natively for Embodied AI and Physical World Control10.7.2026 09:48:00 EEST | Press release

Robbyant, an embodied AI company within Ant Group, today announced the release of LingBot-VA 2.0, the industry’s first embodied-native video-action world model. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260709654440/en/ A robot powered by LingBot-VA 2.0 engages in a real-time tabletop air hockey match with a human This release marks a key transition in robotics foundation models, shifting from repurposing digital world models to designing them natively for the physical world. Instead of relying on fine-tuned digital content generation models, LingBot-VA 2.0 is built from scratch to meet the original demands of dynamic modeling, causal prediction, and real-time execution in physical environments. Integrating world models with embodied AI has been one of the major focuses of the AI industry. However, most mainstream approaches rely on video generation models designed for digital content, which are then fine-tuned for robo

SureWerx Appoints Erik Pertot as VP/GM SureWerx EMEA10.7.2026 09:00:00 EEST | Press release

SureWerx, a leading global manufacturer of personal protective equipment, safety products, tools and equipment solutions, today announced the appointment of Erik Pertot as VP/GM SureWerx EMEA. Pertot will report directly to CEO Scott Dowell and will lead growth, manufacturing and M&A activities in Europe across the company’s global portfolio. Erik joins SureWerx with more than 20 years of international leadership experience across engineering, quality, marketing, sales, international supply chain, product management, and general management. He brings deep expertise in the personal protective equipment industry, with a track record of leading complex, compliance-critical programs, managing business transitions, and driving growth across multinational environments. Most recently, Pertot served as Global General Manager for Footwear and Fall Protection at Protective Industrial Products (PIP), where he also held senior portfolio management leadership roles. Prior to that, he held a series

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye