Sonar's latest blog posts
Announcing SonarSweep: Improving training data quality for coding LLMs
Recent research from Anthropic has shown that even a small amount of malicious or poor quality training data can have a massively negative impact on a model’s performance, exposing users to significant security and quality issues.
Introducing Sonar Foundation Agent
Sonar Foundation Agent is a coding agent for general software issues, developed at Sonar by the former AutoCodeRover team. As of November 3, 2025, Sonar Foundation Agent scores 75% on SWE-bench Verified, while maintaining a low average cost of $1.26 and a high efficiency of 10.5 min per issue.
Read article >
Seventeen years later, code quality is more relevant than ever
What started as a free and open source tool to solve our own problem has grown to become SonarQube, a product now used by more than 7 million developers around the world to review and improve the quality and security of over 750 billion lines of code every day.
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
The inevitable rise of poor code quality in AI-accelerated codebases
The adoption of Large Language Models (LLMs) and AI coding assistants has radically accelerated the development lifecycle, offering the potential for developers to achieve up to a 55% increase in productivity and complete tasks twice as fast.
Read article >
Ollama Remote Code Execution: Securing the Code That Runs LLMs
Our Vulnerability Researchers uncovered vulnerabilities in the code of Ollama, a popular tool to run LLMs locally. Dive into the details of how LLMs are implemented and what can go wrong.
Read article >
Vibe, then verify: How to navigate the risks of AI-generated code
AI is rewriting the traditional software development playbook. Developers are adopting AI on the ground, output is exploding, and leaders are being asked to convert promise into predictable velocity.
Read article >
Beyond cybersecurity awareness: Make a strategic shift to code security
October is Cybersecurity Awareness Month, a time when every organization is reminded that security is everyone’s responsibility. It's a time to reflect on how organizations approach security not as a campaign or compliance task, but as a mindset.
Read article >
PyTorch tensors, neural networks and Autograd: an introduction
This guide is designed to demystify PyTorch's core components, providing you with a solid understanding of how it empowers the creation and training of sophisticated machine learning models.
Read article >
Choosing the right SonarQube Server edition for your needs
SonarQube has emerged as a leading automated code review platform that empowers development teams to achieve a high level of code quality and code security.
Read article >
Introducing audit logs in SonarQube Cloud: Enhancing compliance and security
Introducing the initial release of audit logs for SonarQube Cloud, a new feature designed to provide enhanced governance and support for our Enterprise plan customers. This initial, API-driven release focuses on core authentication and administrative IAM events to help you meet compliance requirements.
Read article >
Sonar launches integration program to unify code governance across the SDLC
We are thrilled to announce the launch of the Sonar Integration Program. This strategic initiative formalizes and expands our partner ecosystem, unifying SonarQube's integrations with leading technology partners under a single, comprehensive program.
Read article >
Announcing SonarSweep: Improving training data quality for coding LLMs
The promise of AI-assisted coding is immense, but it rests on a simple, fundamental reality: the quality and security of the code generated by a Large Language Model (LLM) depends on the quality of the data that it was trained on.
Read article >