Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues
Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230802497889/en/
Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)
Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.
“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”
Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.
“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”
Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.
Achieving a Clean Code State
Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.
Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.
Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.
About Sonar
Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.
The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.
To learn more about Sonar, please visit https://www.sonarsource.com/company/about/.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230802497889/en/
Contact information
Katie Hyman
Senior PR Manager, Sonar
katie.hyman@sonarsource.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Transition Industries Signs Strategic Agreements for the Pacifico Mexinol Project, the Largest Standalone Ultra-Low Carbon Chemical Production Facility in the World30.6.2025 21:30:00 EEST | Press release
Transition Industries LLC, a developer of world-scale, net-zero carbon emissions methanol and green hydrogen projects in North America, held a signing event for an Engineering, Procurement, and Construction (EPC) contract with the consortium of Samsung E&A Co., Ltd. (Samsung E&A), Grupo Samsung E&A Mexico, S.A. de C.V., and Techint Engineering and Construction for the Pacifico Mexinol project located in Ahome, Sinaloa, Mexico, which is contingent upon the fulfillment of customary conditions precedent and obtainment of all required approvals. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250630940954/en/ MAIRE group’s technology division NextChem, through its subsidiary KT TECH SpA, also signed a Basic Engineering, Critical and Proprietary Equipment Supply Agreement with Samsung E&A in connection with its proprietary NX AdWinMethanol®Zero technology supply to the project. Transition Industries is jointly developing the Pacif
Westinghouse and ITER Sign a $180M Contract to Advance Nuclear Fusion30.6.2025 16:45:00 EEST | Press release
Westinghouse Electric Company and ITER signed a contract for $180 million for the assembly of the vacuum vessel for the fusion reactor. This is a key milestone in the construction of the ITER reactor, leading the way toward the use of fusion as a practical future source of reliable carbon-free energy. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250630497810/en/ The ITER Tokamak pit with the two vacuum vessel sector modules installed. Westinghouse has participated in the fabrication of the sectors of the vacuum vessel, as part of the Fusion for Energy (F4E) Consortium with its partners Ansaldo Nucleare and Walter Tosto. Westinghouse will be responsible for completing the vacuum vessel which is ITER’s most critical component: a hermetically sealed, double-walled steel container that will house the fusion plasma. When all the vacuum vessel sectors are in place, Westinghouse will start the most intensive stage of ITER assembl
Monetate Acquires SiteSpect to Deliver AI-Native Personalization and Testing at Enterprise Scale30.6.2025 16:00:00 EEST | Press release
Monetate, the leading AI-driven personalization platform, today announced it has acquired SiteSpect, a leader in A/B testing, to drive next-generation digital experience optimization. This acquisition accelerates Monetate’s vision to deliver intelligent, intentional, and individualized experiences at scale, powered by agentic AI and backed by the industry’s most advanced, enterprise-grade infrastructure. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250630514541/en/ The combination of Monetate’s real-time personalization and SiteSpect’s zero-flicker testing will yield an industry-first solution for enterprise-grade personalization, testing, and optimization. For the first time, global ecommerce and digital experience leaders can access unified client-side and server-side experimentation with full personalization capabilities in a single solution, designed for scalability and regulatory compliance. Monetate is now the only e
SS&C Blue Prism Recognized as a Gartner® Magic Quadrant™ RPA Leader for the Seventh Consecutive Year30.6.2025 16:00:00 EEST | Press release
SS&C Technologies Holdings, Inc. (Nasdaq: SSNC) today announced that SS&C Blue Prism has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Robotic Process Automation (RPA). “We’re delighted SS&C Blue Prism has been named a Leader in the Gartner Magic Quadrant for Robotic Process Automation for the seventh year running,” said Bill Stone, CEO and Chairman of SS&C Technologies. “SS&C Blue Prism combines market-leading RPA and orchestration technologies with the latest artificial intelligence so organizations can tackle more complex tasks and dynamic business processes. We’ve scaled to more than 2,700 digital workers and AI agents across our own operations, resulting in over $200 million in annual savings. With SS&C leading the charge on deployment, customers can be confident in rolling out SS&C’s automation solutions securely, effectively, and responsibly.” More than 2,800 companies worldwide leverage SS&C Blue Prism for AI-powered automation, helping organizations delive
Takeda Announces U.S. FDA Approval of GAMMAGARD LIQUID ERC, the Only Ready-to-Use Liquid Immunoglobulin Therapy with Low Immunoglobulin A (IgA) Content 130.6.2025 15:00:00 EEST | Press release
Takeda(TSE:4502/NYSE:TAK) today announced that the U.S. Food and Drug Administration (FDA) has approved GAMMAGARD LIQUID ERC [immune globulin infusion (human)] with less than or equal to 2 µg/mL IgA in a 10% solution, the only ready-to-use liquid immunoglobulin (IG) therapy with low immunoglobulin A (IgA) content, as replacement therapy for people two years of age and older with primary immunodeficiency (PI). As a ready-to-use liquid, GAMMAGARD LIQUID ERC may help ease the administration burden for patients and their health care providers by eliminating the need for reconstitution and can be administered intravenously or subcutaneously.1 “The approval of GAMMAGARD LIQUID ERC reinforces our commitment to supporting individualized treatment approaches for people with primary immunodeficiency, including a therapeutic option that has the lowest IgA content of any ready-to-use liquid immunoglobulin therapy, and can be administered intravenously or subcutaneously,” said Kristina Allikmets, s
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom