How Freshworks scales code quality and security for 1,500 developers with SonarQube

Freshworks provides enterprise-grade business services software that powers customer and employee experiences for over 74,000 customers globally. To support this scale, their engineering team manages more than 2,000 repositories in their GitHub organization.

The challenge: Maintaining coding standards across 2,000 repositories

At Freshworks, engineering teams value the autonomy to move quickly. However, managing over 2,000 repositories made it difficult to maintain consistent standards for code quality and security.

In the past, a fragmented toolset created gaps in governance. The platform engineering team needed to transition from these disconnected workflows to a unified internal developer platform (IDP) they call "Cubics." The goal was to build a path for developers that automated quality checks and security protocols without slowing down the release cycle.

The solution: Standardizing code health through automation

To address the challenges of operating at scale, Freshworks focused on a "shift-left" strategy—identifying and resolving issues as early as possible in the development lifecycle. Instead of treating code quality as a final hurdle or a manual audit, the platform engineering team aimed to make it an effortless, invisible part of the daily developer experience.

“With over 2,000 repos, manual enforcement isn't feasible. We embedded SonarQube directly into our standard CI templates. Now, every pull request automatically goes through quality gate checks, security analysis, and secret detection." — Pravien Sammandhankumar, Head of DevOps at Freshworks

By institutionalizing these standards within their core infrastructure, Freshworks achieved several key benefits:

• Accelerated developer onboarding: New services are pre-configured with SonarQube analysis and quality profiles. This has reduced the time it takes to onboard a developer to a new service from several days to just a few hours.
• Real-time feedback loops: Through PR decoration, developers receive immediate feedback within their existing workflow. SonarQube identifies issues and provides the context needed to fix them before code is merged.
• AI-driven remediation: Freshworks uses SonarQube’s AI CodeFix capability to generate suggested fixes for identified issues. This helps developers resolve vulnerabilities and maintainability issues quickly, reducing manual debugging time.
• Quality-assured AI code: As developers adopt AI coding tools like Cursor and GitHub Copilot, Freshworks uses specific Sonar rules and quality gates to verify that AI-generated code meets the company’s standards for security and maintainability.

The results: Predictable delivery and business confidence

By shifting verification to the earliest stages of development, Freshworks has moved away from reactive audits toward a model of continuous improvement. This shift has delivered measurable impact across the organization:

• Increased engineering velocity: Standardizing the “paved path" has improved lead times and predictable deployment frequency. Developers spend less time on rework and more time building new features.
• Strategic visibility for leadership: Real-time dashboards provide leadership and individual business units with clear insights into the health and releasability of the codebase. This transparency provides confidence that every service meets security and quality requirements before going live.

"The real winners won't be the teams that generate code the fastest, but the teams that can assure quality automatically at scale."

Looking forward: Navigating the era of AI-driven development

With 50% of their developers already using AI tools, Freshworks is prepared for the future. By establishing SonarQube as a core component of their platform, they have built the necessary guardrails to adopt AI at scale. For Freshworks, maintaining high standards is no longer an obstacle to speed—it is the foundation that makes their speed possible.