Sonar's latest blog posts
State of Code Developer Survey report: The current reality of AI coding
Sonar analyzes over 750 billion lines of code every day. This gives us a unique, high-level view of the state of code quality and security across the globe.
Stop secrets before the commit: Join the beta for SonarQube's new secrets CLI
This blog post explains why secrets detection is critical and how Sonar’s integrated approach reduces noise. It also explains how the new SonarQube Secrets CLI helps teams catch secrets locally.
Read article >
The AI trust gap: Why code verification matters
In this second chapter of our State of Code Developer Survey report, we dig deeper into the developer psyche to answer a critical question: Do developers actually trust the code that AI systems are generating?
Read article >
Get new blog posts delivered directly to your inbox!
Stay up-to-date with the latest Sonar content. Subscribe now to receive the latest blog articles.
Modernizing finance: Insights from a platform engineering leader
We recently sat down with a Platform Engineering leader at a major financial services institution to discuss the realities of modern software development in their highly regulated, distributed environment.
Read article >
State of Code Developer Survey report: The current reality of AI coding
What we found challenges the common narrative. While AI adoption is massive, it hasn’t led to a simple, linear boost in productivity. Instead, it has shifted the bottleneck from writing code to verifying it.
Read article >
Vibe, then verify: SonarQube 2025 year in review
As we look back at the year we just closed, one thing is clear: 2025 was the year of acceleration. Development teams moved faster than ever.
Read article >
Seven indicators your codebase is unmanageable
This article outlines seven indicators of an unmanageable codebase and details how continuous, automated code review using SonarQube provides the mandatory data metrics for diagnosis, quantitative prioritization, and remediation, transforming the management of code quality issues from a severe burden into a strategic investment.
Read article >
Introducing architecture in SonarQube
Today, we are announcing a transformative step forward to help teams manage their software at a higher level, with the addition of architecture capabilities in SonarQube.
Read article >
New data on code quality: GPT-5.2 high, Opus 4.5, Gemini 3, and more
Today, we are making all evaluations available in a new Sonar LLM leaderboard and sharing our latest findings on GPT-5.2 High, GPT-5.1 High, Gemini 3.0 Pro, Opus 4.5 Thinking, and Claude Sonnet 4.5.
Read article >
SonarQube Server 2025.6 is here: Vibe, then verify faster than ever
This release delivers deeper integrations, dramatically faster analysis, and unmatched support for the latest, most popular languages, helping your team embrace the “vibe, then verify” philosophy.
Read article >
The intelligent approach to achieve MISRA C++:2023 compliant source code
SonarQube provides an intelligent, high-precision, and integrated solution for development teams to achieve full, friction-free compliance with the MISRA C++:2023 coding standard for C++17 safety-critical applications.
Read article >
Zombie Workflows: A GitHub Actions horror story
Our research team recently discovered an exploitable pattern in GitHub Actions that lets attackers exploit seemingly fixed vulnerabilities.
Read article >