Sonar

Software Development

Vernier, Geneva 40,805 followers

Trusted by 7M devs, Sonar is committed to enabling developers and organizations to build better code for better software

About us

Sonar is the trust and verification layer for AI code, and the industry standard for automated code review for 17+ years. Sonar delivers deterministic, repeatable, and actionable code verification at scale by integrating code quality and code security into a single platform. The company analyzes more than 750 billion lines of code daily to ensure software is secure, reliable, and maintainable. Sonar is rooted in the open source community and is trusted by 7M+ developers globally, including teams at Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company. To learn more about Sonar, please visit: www.sonar.com

Industry
Software Development
Company size
501-1,000 employees
Headquarters
Vernier, Geneva
Type
Privately Held
Founded
2008
Specialties
software quality, open source, code quality management, ALM, Continuous Inspection, and Code Analysis

Updates

  • Sonar

    On June 23, we're joining forces with OpenAI to demo how AI-generated code goes from written to verified. Tom Howlett, Sonar's Director of AI Engineering Engagement, and Vaibhav Srivastav, who leads Developer Experience and Community for Codex at OpenAI, are your guides. They start in the inner loop, verifying code as ChatGPT and Codex generate it so issues surface right away. From there they move to the outer loop, where SonarQube validates quality and security across the whole codebase and our AI Code Fix solution proposes one-click remediations. Built for developers, security teams, and engineering leaders who want to ship AI-assisted code with confidence. 📅 Tuesday, June 23 ⏰ 5pm CEST / 10am CT

  • Sonar


    Who, or what, is allowed to tell your agent to stop looping? 🔁 If the answer is the same model that wrote the code, you're trusting an optimist to grade its own work. Verification is the part of loop engineering that carries the real weight and is a critical step; it's what decides whether the loop's output can be trusted. Reliable verification works in two tiers: 🧠 An LLM verifier checks intent – whether the code actually solved the problem. That's useful, but it's an opinion, and it can shift from one run to the next. ✅ A deterministic check is the real stop. The same verdict on the same code every time, across security, quality, and maintainability. It's the one an agent can't reason past, and the one that keeps an unattended agent from shipping vulnerabilities or running up cost. Using both is the difference between automation and engineering. Learn how to get it right: https://lnkd.in/gwkdxVE5

  • Sonar reposted this

    We at Sonar just shipped something I've been waiting to announce for a while. SonarQube CLI is now generally available. The problem we kept hearing from engineering and security teams: AI coding agents are writing code faster than anyone can review it. They're reading local files, pulling in dependencies, transmitting prompts to LLMs — all before a single commit is made. Before any pipeline fires. Before any protection kicks in. The verification gap is real. So we built the fix. One binary. One auth step. Sonar's full verification standard, secrets scanning, dependency risk analysis, code quality checks, AI agent integration all running inside the agentic loop, not downstream of it. What that looks like in practice: ⚡ Secrets intercepted before the agent reads the file ⚡ Code quality checked after every file the agent writes ⚡ Dependency risks flagged at the terminal, not in a CI report hours later ⚡ Your codebase architecture injected into the agent's context before it starts Try it free: cli.sonarqube.com Learn more: https://lnkd.in/g2XzUZ5J #SonarQube #AgenticDevelopment #DevSecOps #AICode #AppSec

  • Sonar

    SonarQube CLI is generally available today 🚀 The verification that's defined code quality and security in CI/CD for years now runs everywhere your agents do: the terminal, your CI, git hooks, and right inside Claude Code and GitHub Copilot. The most important SonarQube capabilities – secrets detection, code quality and security analysis, and dependency risk scanning – are now available through a single command line tool, at the speed agents require. It's purpose-built for multilayered code verification in the agentic era. Get the details: https://lnkd.in/g7F2YAMw

  • Sonar

    Sonar is a Leader in the inaugural Gartner® Magic Quadrant™ for Technical Debt Management Tools 🎉 You can now read the full report for details. We placed highest of all vendors on Ability to Execute, which we feel means Sonar is delivering on our promise to help customers reduce technical debt. The report evaluates vendors across product/service, sales execution, customer experience, and more. Gartner provides the trusted independent analysis your team needs to understand this market and make confident tooling decisions. Download your copy: https://lnkd.in/gEWNEZ3n

  • Sonar


    What a milestone! Our co-founder, Olivier Gaudin, and CEO, Tariq Shaukat, have been named EY Entrepreneur Of The Year® 2026 Gulf South Award winners 🏆 It's recognition of a vision that's been remarkably consistent. Sonar was founded in 2008 on the belief that the software the world depends on should be reliable, secure, and maintainable, and that conviction has shaped everything from a small idea into a company trusted by 75% of the Fortune 100. What feels especially fitting is the timing: as AI transforms how code gets written, the case for trustworthy software has never been stronger. A proud moment for everyone at Sonar 👏

  • Sonar reposted this

    Massive shout out to our good friends at Sonar for joining us again as Gold sponsors for #CTOCraftCon: Europe 🎉 Sonar is the industry standard for automated code review, integrating code quality and code security into a single platform built for the AI-coding era. Sonar provides the essential, independent verification of all code—AI-generated and developer-written—so development teams can find and fix security, reliability, and maintenance issues quickly and effectively. Rooted in the open source community, Sonar's solutions support over 35 programming languages and are used by 7M+ developers across 400K organizations. Find out more about #CTOCraftCon: Europe and get your tickets here: https://lnkd.in/eckPnVyK #CTOCraft #EngineeringLeadership #SoftwareDevelopment #DataEngineering #TechLeadership #Europe

  • Sonar

    Ready to try the SonarQube plugin for GitHub Copilot CLI? Here's your guide to getting started. It covers the whole setup: installing the plugin, connecting it to your SonarQube project, and getting it running inside Copilot. Then it walks you through testing it, so you can confirm everything works before you put it to use. By the end, you'll have SonarQube's quality gates, issue scanning, coverage data, dependency risks, secrets detection, and Agentic Analysis reachable from within the same terminal session that wrote the code. See a sneak preview of the plugin working in action, below. Read the full guide here: https://bit.ly/4uoOzDn

  • Sonar

    Welcoming Gitar 💜 The agentic era changes how software gets built. It also changes what it means to trust it. Sonar has been building toward a verification platform built for this moment, and with the addition of Gitar, we're in perfect harmony. Read Tariq's letter on why AI code review is critical to the SonarQube verification platform — and his welcome to the Gitar team. You built something we're proud to bring into our platform, and we're excited to keep building together 🙌 https://lnkd.in/eQgFMAaC

  • Sonar

    SonarQube Server 2026.3 is built to help engineering teams ship secure code faster. 🚀 At the heart of this release: AI coding assistants like Cursor, Claude Code, and GitHub Copilot can now connect directly to your SonarQube Server projects — giving developers on-demand access to issues and quality gates right in their workflow, without any extra infrastructure to manage. Also new for Server: 🐍 Comprehensive Python intelligence (70+ new rules!) to protect applications from memory bloat and runtime errors ⚙️ Advanced language and automation support for Jenkins pipelines and PowerShell scripts 📋 Streamlined administration and compliance at enterprise scale — including automated reporting for Advanced Security users Read the announcement: https://bit.ly/3RPgsqB See full details on what's new: https://bit.ly/4ea7xY6
