Software development has shifted. It’s no longer just human-centric; it’s agent-driven. To help you scale your AI code output without collapsing under technical debt, we're launching three new Open Betas to support the Agent Centric Development Cycle: 🤖 Sonar Context Augmentation: Injects real-time, project-specific context from SonarQube directly into your AI agent's workflow before it writes a single line of code. Your standards, your architecture, your constraints — surfaced at the right moment, not dumped all at once. ⚙️ SonarQube Agentic Analysis: Brings Sonar's trusted analysis engine directly into the agent's generation loop, verifying code meets your functional, non-functional, and compliance standards in real time. ✅ SonarQube Remediation Agent: Generates verified, ready-to-review PRs the moment SonarQube flags something, and works through your existing backlog systematically — one PR at a time, on your team's terms. Together, they form one continuous, self-improving loop. Read the full story on how they work together: https://bit.ly/4cfqAAp
Sonar
Software Development
Vernier, Geneva 38,831 followers
Trusted by 7M devs, Sonar is committed to enabling developers and organizations to build better code for better software
About
Sonar is the trust and verification layer for AI code, and the industry standard for automated code review for 17+ years. Sonar delivers deterministic, repeatable, and actionable code verification at scale by integrating code quality and code security into a single platform. The company analyzes more than 750 billion lines of code daily to ensure software is secure, reliable, and maintainable. Sonar is rooted in the open source community and is trusted by 7M+ developers globally, including teams at Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company. To learn more about Sonar, please visit: www.sonar.com
- Website: https://sonarsource.com/
- Industry: Software Development
- Company size: 501–1,000 employees
- Headquarters: Vernier, Geneva
- Type: Privately held
- Founded: 2008
- Specialties: software quality, open source, code quality management, ALM, Continuous Inspection, and Code Analysis
Products
SonarQube
Static code analysis tools
The SonarQube platform delivers automated code quality and security analysis for modern development teams. Designed to seamlessly integrate with your CI/CD pipelines and DevOps tooling, it continuously reviews your source code to uncover bugs, security vulnerabilities, security hotspots, code smells, and architecture issues before code is merged or released. With broad support for 40+ programming languages and frameworks, SonarQube empowers developers and organizations to uphold high standards of code health across web, mobile, embedded, and cloud-native apps. It’s trusted by more than 7 million developers, underscoring its industry leadership as a critical solution for secure, maintainable, and high-quality software development.
Updates
-
AI writes the code 🤝 SonarQube makes sure it's right. This is the maturity shift happening in software development right now — we're moving beyond asking LLMs to write code and hoping for the best, toward binding AI agents to a governance contract. The SonarQube MCP Server makes that possible. Paired with Claude Opus 4.6, it gives your AI agent direct access to real-time SonarQube data, so it addresses the specific issues blocking your quality gate — not its best guess at what might be wrong. Coverage is treated as a requirement, not an afterthought. And the fix is verified locally before it ever reaches CI. Check out our step-by-step guide so you can set this up in your own projects today: https://bit.ly/4m2NZsr
-
Your dependencies called. They want to know if you've verified them lately. In an era where teams use AI to rapidly prototype and build, generating code at speed only adds value if that code is trustworthy. SonarQube Advanced Security makes that achievable — with malicious package detection integrated directly into your CI/CD pipeline, automatically comparing dependencies against constantly updated lists of known malicious software, with real-time feedback the moment a risky dependency is introduced and quality gate enforcement to fail pipelines automatically if anything is flagged. Keep the speed. Keep the trust. See how 👇 https://bit.ly/4uUc2h1
-
SonarQube Server 2026.2 is here. 🚀 This release is built for teams who need to move fast without compromising on code quality or security — and it's packed with updates that matter: 🤖 Model-agnostic AI CodeFix: Intelligent remediation suggestions directly in your self-managed environment — no source code leaving your firewall, no exposure to public LLMs. 🌐 Expanded language & framework support: Java 25, FastAPI, Flask, Django, Groovy, and enhanced Apex — including new rules purpose-built to catch the subtle bugs AI coding assistants introduce. 🔒 Unified security reporting: SCA data, SBOM, and first-party code health together in one report — a complete picture of your codebase and software supply chain risk. Update your instance today, or talk to us about migrating to SonarQube Cloud for automatic updates and the same enterprise capabilities. 👇 https://bit.ly/4sBUwg2
-
brb, moving into the Wiz House at #RSAC2026 🏠 Looking for afternoon plans? Don't miss our 3pm session on the Agent Centric Development Cycle ⚡ Hear from Sonar VP Donald Fischer on how to build a secure development process using agents, and the critical partnerships and integrations you need to innovate freely while reducing technical debt.
-
Turns out "ship it and hope for the best" isn't a security strategy. The sixth installment of our State of Code: Developer Survey report series looks at how the best development teams are keeping security front and center as AI becomes a daily part of their workflow. With teams using an average of four AI tools—and 35% of that usage happening through personal, ungoverned accounts—building verification into the process is what separates teams that move fast responsibly from those that accumulate risk. The orgs getting this right are integrating automated verification directly into their workflows so AI speed leads to real security gains, not just faster output. Read our blog post for more insights: https://bit.ly/4rQXVpU
-
Imagine an AI wingman that not only writes code, but autonomously verifies it against your organization’s specific quality gates. 🤯 We've embedded the SonarQube MCP Server directly within SonarQube Cloud to make AI-integrated development more seamless than ever. This native integration closes the context gap by giving your AI assistants—like Claude Desktop, GitHub Copilot, or custom LLM agents—a direct line to Sonar’s deep analysis. ☁️💡 Now, your AI tools can perform high-value tasks directly within the conversational flow, helping you identify issues as you work so you can do it right, the first time. See how it works: https://bit.ly/4bK9OZ1
-
The silos between development and cloud security are officially coming down. 🧱🔨 With our Sonar + Wiz integration, bringing Sonar’s deep SAST insights directly into the Wiz Security Graph, we’re enabling teams to identify "toxic combinations" where code-level vulnerabilities meet runtime exposure. Meet us at the Wiz House during #RSAC2026 (661 Howard St.) to learn more. And don’t miss the Wiz party that Tuesday! More here: https://bit.ly/4r6HbLf
-
High-performance engineering thrives when code verification is a natural, frictionless part of the software development lifecycle. 🚀 With automatic provisioning for GitHub repositories now generally available on SonarQube Cloud, we're eliminating the manual overhead of project setup. Every new repository is verified from the very first commit, providing actionable insights from day 1 without ongoing admin intervention. Maintain your organization’s standards by default and build a secure-by-default environment that scales with your team. See how it works: https://bit.ly/4bRpjiS