Business Wire

Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues

2.8.2023 16:00:00 EEST | Business Wire | Press release

Share

Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/

To view this piece of content from mms.businesswire.com, please give your consent at the top of this page.

Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)

Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.

“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”

Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.

“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”

Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.

Achieving a Clean Code State

Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.

Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.

Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.

About Sonar

Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.

The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.

To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Kioxia and Sandisk Begin Production of 10th-Generation 3D Flash Memory Products at Kitakami Plant Fab23.7.2026 13:19:00 EEST | Press release

Kioxia Corporation, a subsidiary of Kioxia Holdings Corporation (TOKYO: 285A) and Sandisk Corporation (Nasdaq: SNDK) today announced the start of production for their 10th-generation 3D Flash memory technology at Fab2 (K2) at the Kitakami Plant in Iwate Prefecture in Japan. The milestone comes as the companies continue to drive meaningful, multi-year bit growth to address the strong demand for their innovative flash memory technology. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260702296115/en/ Unveiling ceremony for the K2 facility In conjunction with the start of production, the companies held an unveiling ceremony for the K2 facility. Opening in September 2025, the facility has produced the companies’ 8th-generation 3D flash memory products and will begin to scale production with the introduction of their 10th-generation products. Both generations of 3D flash memory adopt innovative CBA (CMOS directly Bonded to Array)

VeriSilicon Introduces CPP2000 Camera Post-Processing IP for Embodied Robotics and Mobile Vision Applications3.7.2026 13:02:00 EEST | Press release

VeriSilicon (688521.SH) today announced its high-performance CPP2000 Camera Post-Processing (CPP) IP, expanding the company’s Image Signal Processing (ISP) solutions with advanced post-processing capabilities. By improving image quality and visual perception in mobile imaging scenarios, CPP2000 enables more reliable vision performance in robotics, drones, and other mobile vision applications. CPP2000 integrates multiple image processing technologies and can further optimize YUV images output from image signal processors. The IP supports image and video processing at up to 8K resolution and offers multiple hardware configuration options to meet diverse requirements in Power, Performance, Area (PPA), and latency across different applications. CPP2000 leverages the combined operation of multiple image processing technologies, including motion-compensated temporal filtering, advanced spatial noise reduction, chroma adjustment and dynamic contrast improvement, and edge enhancement. Together

Messer Acquires Singapore-Based Industrial Gas Platform; Japan Corporate Advisory Institute Advises Sellers3.7.2026 12:11:00 EEST | Press release

Messer, the world’s largest privately held specialist for industrial, medical, electronic and specialty gases, has acquired WKS Group, a Singapore-based industrial gas platform with operations across Singapore and southern Malaysia. Transaction terms were not disclosed. Messer reported consolidated sales of approximately EUR 4.5 billion for its 2025 financial year. Founded in Singapore in 1977, WKS Group comprises six companies and employs approximately 195 people across Singapore and southern Malaysia. The acquisition expands Messer’s operating footprint in Southeast Asia and strengthens its access to key industrial clusters across the region. “We are pleased to have completed this transaction with Messer, whose strategic vision makes them an excellent partner for WKS Group,” said Mr. Wong Koh Hoi, shareholder of WKS Group. “We appreciate JCAI’s professionalism and dedication throughout the process, and their expertise was instrumental in achieving a successful outcome.” Japan Corpora

Access Advance Welcomes Meta Platforms, Inc. and Alibaba Group to the Video Distribution Patent Pool3.7.2026 02:00:00 EEST | Press release

Access Advance LLC today announced that Meta Platforms, Inc., one of the world's largest distributors of video content across its Facebook, Instagram, Threads, and WhatsApp services, has joined the Video Distribution Patent Pool (VDP Pool) as a Licensee. Meta also joined both the HEVC Advance and VVC Advance pools as a Licensee. Alibaba Group, whose video infrastructure spans a wide range of video-based services across e-commerce, entertainment, and digital media platforms, was also announced as a VDP Pool Licensee this week. Meta and Alibaba joining the VDP Pool further reinforces the program’s market leading position in resolving the licensing issues around the use of modern video codecs, including VP9, AV1, HEVC and VVC, across all the diverse business models of internet video streaming. "A significant U.S.-based company like Meta joining as a Licensee is a milestone moment for the content distribution business and the VDP Pool," said Peter Moller, CEO of Access Advance. "Meta reach

Kioxia Commences Sample Shipments of 10th-Generation BiCS FLASH™ Devices Delivering High Performance, High Capacity and Low Power Consumption3.7.2026 02:00:00 EEST | Press release

Kioxia Corporation, a world leader in memory solutions, today announced that it has commenced sample shipments of 1Tb (terabit) Triple-Level-Cell (TLC) memory devices utilizing its 10th-generation BiCS FLASH™ 3D flash memory technology.1 These will be primarily integrated into the company’s enterprise and data center SSDs, strengthening Kioxia’s lineup to meet the growing demand for AI storage, which requires higher performance, higher capacity, and lower power consumption. These new products will be manufactured using state-of-the-art equipment at Kioxia’s Kitakami Plant Fab2 facility in Iwate Prefecture, Japan. By leveraging innovative CMOS directly Bonded to Array (CBA) technology2 and On-Pitch Select Gate Drain (OPS) technology,3 both adopted since the 8th-generation BiCS FLASH™, the 10th-generation technology achieves a NAND interface speed of 4.8 Gb/s,4 a 33% improvement over the 8th generation. Bit density has increased by 59% by stacking 332 layers and improving lateral density

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom
World GlobeA line styled icon from Orion Icon Library.HiddenA line styled icon from Orion Icon Library.Eye