Press release

Sonar Launches Sonar Integration Program to Unify Code Governance Across the Software Development Lifecycle

AUSTIN – October 23, 2025 – Sonar, the leading provider of integrated code quality and code security solutions, today announced the formal launch of the Sonar Integration Program, a major expansion of its existing partner ecosystem. This strategic initiative unifies SonarQube's integrations with technology partners under a single program, which includes its latest integrations with Atlassian Jira, Jellyfish, JFrog, and Port, as well as recently announced integrations with the SonarQube MCP Server (Claude Code, Cursor, Devin, Gemini CLI, VS Code, Windsurf and more). The program is designed to provide organizations with a holistic ecosystem for orchestrating code quality and code security across the entire software development lifecycle (SDLC), enabling development teams to leverage their toolchains to embed automated code review and governance directly into their existing processes.

The Sonar Integration Program is especially relevant as our users embrace agents and AI-generated code. While AI tools accelerate development, they also introduce risks like subtle bugs and security vulnerabilities at a scale that traditional, end-of-cycle quality assurance can no longer manage effectively. To address this challenge, the program expands the connections of SonarQube with the tools developers use every day, enabling organizations to establish consistent standards, control points, and developer-friendly feedback loops to verify the quality and security of all code, both AI-generated and developer-written, before it is committed.

"The speed of modern, AI-native software development requires a new approach to code governance—one that is integrated, automated, and collaborative," said Harry Wang, Chief Growth Officer at Sonar. "We launched the Sonar Integration Program to provide the essential framework for this shift. By creating a unified ecosystem that leverages Sonar’s deep insights into code and central position in the developer toolchain, we are empowering organizations to manage the risks of AI-accelerated development while enabling their teams to innovate with speed and confidence."

SonarQube’s newest featured integrations ensure organizations can embed code quality and code security into key points of the software development process:

  • Integrated issue tracking with Atlassian Jira: Transforms issue detection into actionable, trackable work items within the development backlog. By pre-populating Jira tickets with rich context, severity, and remediation guidance, this integration makes technical debt and vulnerabilities tangible and manageable, allowing teams to allocate resources and track progress as part of their standard sprint planning.
  • Fortified supply chain with JFrog: Enforces quality gates at the artifact/release level by embedding analysis results as signed evidence attached to artifacts in the JFrog Platform and blocking non-compliant builds from being promoted to repositories and moved to production using JFrog AppTrust quality gates. This creates immutable, auditable signed evidence of code integrity and provides a final, non-negotiable backstop to secure the software supply chain.
  • Holistic service ownership with Port: This integration delivers Sonar's code quality and security analysis directly into Port's software catalog, a leading internal developer portal (IDP). By enriching the catalog with SonarQube's deep code-level intelligence, this integration provides a single pane of glass that gives developers a holistic view of their services' code health and empowers platform teams to monitor and drive the adoption of code quality standards across the organization.
  • Actionable insights with Jellyfish: In-depth code quality, coverage, and security metrics are provided within Jellyfish, a premier software engineering intelligence (SEI) tool. In the age of AI, this provides engineering leaders with the essential ability to measure the impact of AI-driven development via actionable insights to monitor quality trends alongside delivery metrics. This enables engineering teams to understand how productivity changes impact software maintainability and connect quality metrics with investment data to quantify the impact of tech debt.

What Our Integration Partners Are Saying

"The era of AI-native development is here, and with it comes the responsibility to ensure that AI-generated code meets the highest standards of quality and security," said Ritika Suri, Managing Director, AI & Data Partnerships at Google Cloud. "We're thrilled to partner with Sonar to bring their powerful analysis capabilities directly to developers using Gemini. This integration provides instant, intelligent feedback within their natural workflow, empowering them to innovate responsibly and build the next generation of secure, reliable software with confidence."

“Code quality and governance are essential to developer velocity in the AI era. By integrating SonarQube with Atlassian, teams can connect insights about reliability and security directly to their backlog, turning code feedback into actionable work that can be given to agents for delivery. Together, we’re helping developers move faster without sacrificing quality,” said Rebecca Fitzhugh, Lead Principal Engineer, Developer Experience at Atlassian.

“At JFrog, we believe that securing and governing the software supply chain requires the seamless collection of evidence at every stage of the development lifecycle,” said Gal Marder, Chief Strategy Officer at JFrog. “Our ‘DevGovOps’ collaboration with Sonar seamlessly attaches critical code quality evidence to artifacts and releases in the JFrog Platform, allowing customers to use this evidence across their quality gate policies. This seamless workflow ensures every artifact is compliant and secure, accelerating the delivery of trusted software releases from code to production.”

"The SDLC encompasses a vast set of complementary technologies that work better when integrated together. We are proud to partner with Sonar to help our customers interweave security into their modern software development practices," said Gardner Johnson, VP of Partnerships at Windsurf. "By combining Cognition and Sonar's suite of products, our customers are able to build faster, improve the quality of their code, and finally address preexisting security vulnerability backlogs at scale."

"Port was founded to eliminate the engineering chaos of modern development environments since the beginning," said Zohar Einy, CEO of Port. "We are excited to partner with Sonar to deliver the benefits of streamlined workflows, clear ownership, and built-in guardrails, which are even more important in the age of AI-first software development."

"The Jellyfish and SonarQube integration unifies deep code quality and security analysis with a comprehensive view of engineering performance, producing actionable insights for optimizing developer productivity, project delivery, and overall business value," said Billy Robins, Head of Partnerships at Jellyfish.

Learn more

To see our complete list of integrations and learn more about how Sonar partners with leading technology providers to enhance code quality and security, visit our dedicated integrations page at https://www.sonarsource.com/integrations/overview/

To become a Sonar Integration Program partner and deliver enhanced value to joint customers, reach out to tech-partners@sonarsource.com for more information. 

About Sonar

Sonar is the industry standard for automated code review, integrating code quality and code security into a single platform built for the AI-coding era. Sonar provides the essential, independent verification of all code—AI-generated and developer-written—so development teams can find and fix security, reliability, and maintainability issues quickly and effectively. Rooted in the open source community, Sonar's solutions support over 35 programming languages and are used by 7M+ developers across 400K organizations, including Barclays, MasterCard, and T-Mobile.

To learn more about Sonar, please visit: www.sonar.com.  

Cautionary note; forward-looking statements

This press release may contain forward-looking statements about future expectations, plans, and prospects. These statements are based on current beliefs and assumptions and are subject to risks and uncertainties. The information in this press release is provided as of this date, and we undertake no obligation to update any statements.


© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SonarQube for IDE, SonarQube Server, SonarQube Cloud, and CLEAN AS YOU CODE are trademarks of SonarSource SA.