Sonar's latest blog posts
State of Code Developer Survey report: The current reality of AI coding
Sonar analyzes over 750 billion lines of code every day. This gives us a unique, high-level view of the state of code quality and security across the globe.
State of Code Developer Survey report: The current reality of AI coding
What we found challenges the common narrative. While AI adoption is massive, it hasn’t led to a simple, linear boost in productivity. Instead, it has shifted the bottleneck from writing code to verifying it.
Read article >
Seven indicators your codebase is unmanageable
This article outlines seven indicators of an unmanageable codebase and details how continuous, automated code review using SonarQube provides the mandatory data metrics for diagnosis, quantitative prioritization, and remediation, transforming the management of code quality issues from a severe burden into a strategic investment.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Introducing architecture in SonarQube
Today, we are announcing a transformative step forward to help teams manage their software at a higher level, with the addition of architecture capabilities in SonarQube.
Read article >
New data on code quality: GPT-5.2 high, Opus 4.5, Gemini 3, and more
Today, we are making all evaluations available in a new Sonar LLM leaderboard and sharing our latest findings on GPT-5.2 High, GPT-5.1 High, Gemini 3.0 Pro, Opus 4.5 Thinking, and Claude Sonnet 4.5.
Read article >
SonarQube Server 2025.6 is here: Vibe, then verify faster than ever
This release delivers deeper integrations, dramatically faster analysis, and unmatched support for the latest, most popular languages, helping your team embrace the “vibe, then verify” philosophy.
Read article >
The intelligent approach to achieve MISRA C++:2023 compliant source code
SonarQube provides an intelligent, high-precision, and integrated solution for development teams to achieve full, friction-free compliance with the MISRA C++:2023 coding standard for C++17 safety-critical applications.
Read article >
Zombie Workflows: A GitHub Actions horror story
Our research team recently discovered an exploitable pattern in GitHub Actions that lets attackers exploit seemingly fixed vulnerabilities.
Read article >
The Cloudflare outage and why code quality matters more than ever
This blog post looks at how seemingly small decisions can have massive effects, and the importance of prioritizing code quality to build reliable software.
Read article >
A technical look at SonarSweep for GPT-OSS-20B
This release is not intended to compete with state-of-the-art (SOTA) reasoning models. Instead, it serves as a technical demonstration of how training data quality impacts the quality of a model’s code generation output.
Read article >
Why prioritizing code quality is the fastest way to reduce security risks
The common perception is that a security vulnerability is a rare, complex attack pattern. In reality, the journey of most flaws begins much earlier and much more simply: as a code quality issue. For both developers and security practitioners, understanding this lifecycle is crucial to building secure, reliable, and maintainable software.
Read article >
Introducing Sonar Foundation Agent
Sonar Foundation Agent is a coding agent for general software issues, developed at Sonar by the former AutoCodeRover team. As of November 3, 2025, Sonar Foundation Agent scores 75% on SWE-bench Verified, while maintaining a low average cost of $1.26 and a high efficiency of 10.5 min per issue.
Read article >