Introducing Sonar Integration Program for code governance

Cognition partners with Sonar to help Windsurf and Devin customers write high quality, secure code at scale: https://lnkd.in/gz5jPwfP +1 to Gardner Johnson's perspective: "The SDLC encompasses a vast set of complementary technologies that work better when integrated together... By combining Cognition and Sonar's suite of products, our customers are able to build faster, improve the quality of their code, and finally address preexisting security vulnerability backlogs at scale" Bobby Nobakht Jeff Clawson Donald Fischer Manish Kapur Harry Wang Florian Poulin Maisie Guzi Katie Hyman

Jellyfish is thrilled to be an initial launch partner for the @sonar partner program. As #GenAI writes more code, customers need to understand code quality, security & reliability and how it impacts developer productivity + engineering effectiveness.

GitLab 18.5 brings AI agents into your everyday workflow, security insights that cut through the noise, and a reimagined interface that keeps your AI teammate always in view. Plus: Valuable new platform security and DevOps features. This is the future of software development. Watch the full video to see it in action.

 We just released GitLab 18.5 today with some significant security improvements that address a challenge I hear often from customers —too many vulnerabilities, not enough signal on what's actually exploitable. What's new for security teams: AI-powered triage - Automates hours of manual vulnerability analysis into seconds Reachability analysis - Shows which vulnerabilities are actually invoked in your code vs. just present Secret validity checks - Distinguishes active credentials from expired ones Diff-based scanning - Faster scans that only check changed code These updates help security teams cut through the noise and focus on real risks without slowing down development. #GitLab #AI #CICD #DevOps #Agile #DevSecOps #SDLC

We keep adding features like sprinkles on a burnt cake. More APIs, more endpoints, more “quick fixes.” But under the hood? A fragile mess of spaghetti logic, duct-taped tests, and TODOs that scream for closure. Here’s a wild idea: refactor before you reinvent. Clean code is survival. Especially when your future self (or unlucky teammate) has to debug it at 2 AM. Tech debt is real. And no, Jira tickets don’t count as therapy.

Building high-quality, secure software in the age of #AI requires a new level of integration across the entire development lifecycle. That's why we're proud to partner with Sonar as part of their new Sonar Integration Program. 🤝 By combining the power of JFrog with Sonar's best-in-class code analysis, developers can build better, more secure software without sacrificing speed. Together, we're building a stronger, more integrated future for software development - Learn more: https://bit.ly/42VKwDA

By combining the power of #JFrog with #Sonar's best-in-class code analysis, developers can build better, more secure software without sacrificing speed. Together, we're building a stronger, more integrated future for software development - Learn more: https://bit.ly/42VKwDA

🚀 Simplifying Deployments with ArgoCD in my k3s HomeLab I’ve integrated ArgoCD in my homelab to bring production grade GitOps automation into my Kubernetes workflow. With ArgoCD, every deployment now happens directly from Git — meaning any code change automatically syncs to the cluster with full version control and end-to-end visibility. 💡 What it helps me achieve: • Consistent, automated, and auditable deployments • Easy rollback to any previous version • Real-time app health and sync status monitoring This setup bridges the gap between Git and Kubernetes, making my deployments faster, safer, and fully traceable. #DevOps #GitOps #ArgoCD #Kubernetes #Automation #HomeLab #CloudNative #ContinuousDelivery

Building Compliant Software Shouldn't Slow You Down 🚀 In regulated industries like healthcare, finance, energy  and government, compliance isn't optional—but it also can't become a bottleneck. That's where GitLab's governance features shine: Pipeline & Scan Execution Policies automatically enforce security scans and testing at every stage. No manual gates, no forgotten checks—just continuous compliance built into your CI/CD workflow. Merge Request Policies ensure code reviews and approvals happen before anything reaches production. Define who needs to sign off, require specific checks to pass, and maintain an audit trail of every decision. Separation of Duties, Compliance Frameworks, and Audit Events give you the controls and visibility that auditors love—without creating friction for developers. The best part? Whether you're on GitLab.com, GitLab Dedicated or a Gitlab Self-Managed instance, you get the exact same enterprise-grade features. No compromises, no feature gaps. Your compliance strategy stays consistent regardless of where you run GitLab. Regulated doesn't have to mean slow. With the right tools, you can move fast and stay compliant. #DevSecOps #Compliance #RegulatedIndustries #GitLab #SoftwareDevelopment