Business Wire

Sonar’s New, Powerful Deep-Analysis Capability Finds Hidden Code Level Security Issues


Sonar, the leading Clean Code solution provider, today announced a significant advancement of its Clean Code offering – developers can now automatically discover and fix code security issues arising from interactions between user source code and third-party, open-source libraries.

This press release features multimedia. View the full release here:

To view this piece of content from, please give your consent at the top of this page.

Sonar deeper SAST finds hidden code level security issues (Graphic: Business Wire)

Referred to as deeper SAST, the new advanced detection addresses issues that traditional SAST tools miss by not following the flow within library code. Traditional SAST vendors analyze user application code. These tools do not scan the combined code, and flag libraries in an unsophisticated way, ignoring the context and use within the library. The result is that library features are considered black boxes, leaving organizations in the dark about whether they're truly secure for a given context or not. Moreover, these tools typically support only a handful of popular frameworks, often requiring up-front configurations for setup. All of this leads to the security issues created by the unique usage of third-party open source libraries going undetected.

“Code is code, whether it is written by a developer in your team or whether it comes as part of a library that is solving a specific problem. The two different approaches always bothered me, and I am thrilled that we are now able to analyze all codes the same way at once, solving what was considered an impossible problem,” said Olivier Gaudin, CEO and co-founder of Sonar. “With the deeper SAST advancements made to our Clean Code solution, organizations can discover these vulnerabilities and resolve them quickly as code is developed.”

Sonar addresses the gap of traditional SAST through its fine-grained analysis of user source code interactions with external dependencies, all without the need for any special configuration or incremental costs. This deeper SAST innovation furthers Sonar’s mission to equip organizations to achieve a state of Clean Code — code that is consistent, intentional, adaptable, and responsible. When code adheres to these characteristics, software becomes reliable, maintainable, and secure.

“It’s estimated that over 90% of applications leverage third-party libraries and interact with the code within them, but most SAST tools don’t tell developers which dependencies make their code vulnerable. Security is mission-critical, and the more issues you find and fix before they have the ability to cause you harm, the better off your business will be,” said Rik Turner, a Senior Principal Analyst covering cybersecurity at Omdia. “This is the essence of the proactive security wave we are seeing across the cyber sector: find it and fix it before it’s exploited.”

Sonar deeper SAST functionality is available at no additional cost within commercial editions of SonarQube (self-managed) and SonarCloud (cloud-based) — industry-leading static analysis code review tools that continuously inspect and analyze the codebase using quality gates to determine if code meets the defined standards for development and production. Deeper SAST currently supports Java, C#, and TypeScript programming languages and covers thousands of the topmost and commonly used open-source libraries, including their subsequent (transitive) dependencies.

Achieving a Clean Code State

Sonar empowers development teams to write Clean Code by providing them with the right tools and best practices, so they can spend less time fixing issues and more time meeting delivery and business goals. Pairing the Sonar solution with the company’s Clean as You Code methodology — set standards for keeping new, added, or edited code clean — and its educational guidance for code called ‘Learn as You Code,’ developers have faster issue remediation and delivery, code enhancement, and can further professional growth and team retention. Today, there are over seven million developers using Sonar.

Sonar also actively engages with its ecosystem and customer communities, in addition to partnerships with several universities for security research projects, and the open source software and start-up communities. Additionally, Sonar has a dedicated team of security researchers that find and responsibly disclose exploitable zero-day vulnerabilities in open-source software; these findings are used as inspiration for new security rules and detections to help find vulnerabilities.

Learn more about our deeper SAST innovation and Sonar solution (SonarQube, SonarCloud, SonarLint). Meet Sonar experts at Black Hat USA, booth #2760, August 8-10.

About Sonar

Sonar empowers developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying the Sonar Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.

The open source and commercial Sonar solution – SonarLint, SonarCloud, and SonarQube – supports over 30 programming languages, frameworks, and infrastructure technologies. Trusted by more than 400,000 organizations globally to clean more than half a trillion lines of code, Sonar is integral to delivering better software.

To learn more about Sonar, please visit

To view this piece of content from, please give your consent at the top of this page.

Contact information

Katie Hyman
Senior PR Manager, Sonar

About Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

Esri Launches Online GIS Course for Climate Action28.9.2023 23:01:00 EEST | Press release

As the impacts of climate change increase and intensify around the world, one aspect that has become clear is the geographic nature of the issue. The ability to tackle such a wide-reaching geographic challenge requires technology that gives context, which location intelligence provides. To support the individuals working toward this goal, Esri, the global leader in geographic information system (GIS) technology, today announced it will offer a new massive open online course (MOOC) exploring the application of its software to address climate change impacts. The complimentary course will be available this fall for six weeks on the Esri Academy website and includes full access to ArcGIS Pro, ArcGIS Network Analyst, ArcGIS Online, and other ArcGIS software that uses science-based tools and authoritative data. GIS for Climate Action opens on October 25 and provides a comprehensive introduction to how GIS software is used to ingest, map, visualize, analyze, and share massive amounts of data.

Bartek Ingredients on Track with New Facility Doubling Capacity and Cutting Emissions by 80 Percent28.9.2023 22:43:00 EEST | Press release

Bartek Ingredients is pleased to provide an update on its progress on the world’s largest malic and fumaric acid manufacturing facility. The project, which broke ground in January 2023, is on schedule to deliver product to customers by the end of September 2024. This press release features multimedia. View the full release here: New Bartek manufacturing facility on track to deliver product by September 2024. (Photo: Business Wire) “We’re proud to confirm that we’re progressing as expected,” Bartek CEO John Burrows said. “We’re really excited to deliver our expanded capacity by next summer, in addition to new capabilities for a variety of new products.” Bartek expects the new facility to set a new global benchmark for plant safety, efficiency, and environmental performance. Among its anticipated accomplishments is a doubling of Bartek’s production capacity and a per unit greenhouse gas emissions reduction of more than 80 percent.

Brenus Pharma unveils promising pre-clinical results extrapolating human conditions in major international congresses.28.9.2023 17:30:00 EEST | Press release

Brenus Pharma announces that pre-clinical advancements of its inaugural research program were presented at the 7th CICON (International Cancer Immunotherapy) Conference in Milan, Italy (September 20-23) and will be showcased at the 38th Annual SITC (Society for Immunotherapy of Cancer) Congress in San Diego, CA, USA (November 1-5) These communications focus on pre-clinical validation of new developments of the first product generated by the STC Platform, STC-1010, which targets colorectal cancer in a first line of treatment. CONFERENCE TITLE AUTHORS RESULTS CICON23 P119: Allogenic Tumor Cell-Based Vaccine to Treat Colorectal Cancer: Development and Preclinical Validation George ALZEEB, Scientific Project Manager, Brenus Pharma, (Ph.D) Corinne TORTORELLI, Medical Lead, Brenus Pharma, (Pharm. D., Ph.D) Corentin RICHARD, Postdoc, Centre Georges-François Leclerc, ICMUB UMR CNRS 6302, (PhD) Romain BOIDOT, Molecular biologist, Centre Georges-François Leclerc, ICMUB UMR CNRS 6302, (PhD) Tangu

BM3EAC Corp. 2023 Semi-Annual Report28.9.2023 16:15:00 EEST | Press release

BM3EAC Corp. (the “Company”), a special purpose acquisition company incorporated under the laws of the Cayman Islands as an exempted company with limited liability and listed on Euronext Amsterdam, the regulated market operated by Euronext Amsterdam N.V., today published its semi-annual report for the period 1 January 2023 to 30 June 2023. The semi-annual report can be downloaded from the Company’s website via the following link: IMPORTANT INFORMATION This press release contains information that qualifies as inside information within the meaning of Article 7(1) of the EU Market Abuse Regulation. DISCLAIMER This announcement is not for distribution or release, directly or indirectly, and should not be distributed in or sent into, the United States, Australia, Canada, Japan, the Cayman Islands or South Africa or any other jurisdiction in which such distribution or release would be unlawful or would require registration or other measures. This announ

ASM Global and Leading Finnish Development Company Suvilahden Areena Oy to Partner in Major Helsinki Entertainment Venue Exploration28.9.2023 16:00:00 EEST | Press release

ASM Global, the world’s largest producer of entertainment experiences, and Suvilahden Areena Oy have announced an unprecedented alliance to propose serving as the lead in the future reimagination of Helsinki’s sprawling iconic and historic Hanasaari power plant built in 1909. The duo’s aim is to preserve as much of the legendary landmark building while integrating local culture and environment in combination with a state-of-the-art arena and festival area within the development. ASM Global will anchor the music and live-entertainment venue while exploring incorporating sports programming on a major scale. ASM Global Europe President Chris Bray said, “Hanasaaren voimala is a major next step for ASM Global in Finland. We already have a strong presence in Scandinavia and are now building on our recent expansion into Helsinki, which includes Kulttuuritalo. We believe that with our unrivalled global network, we will bring the world’s most sought-after concerts and artists to fans in Helsink

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom