Sonar has released an update to its platform that strengthens developers’ ability to produce what the company calls ‘Clean Code.’ As Sonar defines the term, it describes code that is readable, maintainable, comprehensible and easy to modify while remaining resilient and secure enough to meet performance demands.
The update introduces deeper static application security testing (SAST) that lets developers detect and fix security flaws on their own.
Traditional SAST tools analyze only the application's own code and leave the code inside libraries unexamined. Because the tool cannot see what happens inside a library, every feature that comes from one is a potential vulnerability. These tools also typically understand only a few third-party frameworks and require preliminary configuration.
Sonar's enhanced SAST closes this gap, handling Java, C# and TypeScript as well as thousands of popular open-source libraries and related dependencies.
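The gap described above can be shown on a toy taint analysis. This is an added example, not Sonar's implementation or code from the announcement; the program model, the `QueryHelper` library and the `db.query` sink are constructed for the illustration.

```typescript
// Constructed model: each function lists its calls and where the argument comes from.
type Arg = "source" | "param" | "const"; // user input, caller's own parameter, literal
interface Call { callee: string; arg: Arg }
interface Fn { name: string; origin: "app" | "library"; calls: Call[] }

const SINKS: string[] = ["db.query"]; // hypothetical SQL execution sink

const program: Fn[] = [
  { name: "handleSearch", origin: "app",
    calls: [{ callee: "QueryHelper.findByName", arg: "source" }] },
  { name: "exportReport", origin: "app",
    calls: [{ callee: "db.query", arg: "source" }] },
  { name: "healthCheck", origin: "app",
    calls: [{ callee: "QueryHelper.findByName", arg: "const" }] },
  { name: "QueryHelper.findByName", origin: "library",
    calls: [{ callee: "QueryHelper.run", arg: "param" }] },
  { name: "QueryHelper.run", origin: "library",
    calls: [{ callee: "db.query", arg: "param" }] },
];

// Fixed point: which functions pass their parameter on to a sink?
function summarize(fns: Fn[], includeLibraries: boolean): Record<string, boolean> {
  const reaches: Record<string, boolean> = {};
  for (const sink of SINKS) reaches[sink] = true;
  let changed = true;
  while (changed) {
    changed = false;
    for (const fn of fns) {
      if (fn.origin === "library" && !includeLibraries) continue; // body not analyzed
      if (reaches[fn.name] === true) continue;
      if (fn.calls.some((c) => c.arg === "param" && reaches[c.callee] === true)) {
        reaches[fn.name] = true;
        changed = true;
      }
    }
  }
  return reaches;
}

// Report application call sites where user input enters a sink-reaching callee.
function findTaintFlows(fns: Fn[], includeLibraries: boolean): string[] {
  const reaches = summarize(fns, includeLibraries);
  const findings: string[] = [];
  for (const fn of fns) {
    if (fn.origin !== "app") continue;
    for (const c of fn.calls) {
      if (c.arg === "source" && reaches[c.callee] === true) findings.push(`${fn.name} -> ${c.callee}`);
    }
  }
  return findings;
}

console.log("app code only:", findTaintFlows(program, false));
console.log("with libraries:", findTaintFlows(program, true));
```

With library bodies skipped, only the direct call to the sink is reported; the flow that reaches the same sink through two library functions appears only when those bodies are analyzed.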
Expressing his elation over the breakthrough, Olivier Gaudin, CEO and co-founder of Sonar, opined, "The disparity between whether the code was crafted by an in-house developer or sourced from a task-specific library has always been a pain point. We are excited that we can now analyze all codes with similar logic, thereby addressing what was deemed insurmountable earlier. The new SAST enhancements brought into our Clean Code solution enable organizations to spot these vulnerabilities and instantly rectify them during the code development stage."
The need for additional security layers is growing as the tech world moves towards no-code and low-code solutions like AppMaster. Such measures will help time- and resource-efficient no-code/low-code platforms coexist with traditional coding.
The deeper SAST capabilities are now available in SonarQube and SonarCloud at no extra cost, in keeping with the platform's pledge to secure and streamlined code development.