We are excited to share that Sonar has been named a Leader and Fast-Mover in the latest GigaOm Radar for Application Security Testing (AST). Following an in-depth evaluation of 27 vendors, GigaOm positioned Sonar in the top-tier ‘Maturity/Platform Play’ quadrant, recognizing our significant impact on the market."
The GigaOm Radar plots vendors across two axes: Maturity vs. Innovation and Feature Play vs. Platform Play. Sonar's position as a Leader in the upper-right quadrant signifies a solution that offers both the stability and emphasis on continuity of a mature vendor, combined with the broad functionality of a platform solution.
A proactive approach to code quality and security
Sonar is the gold standard for integrated code quality and code security. Our strategy centers on a developer-first, "shift-left" approach, which integrates security and quality into the development workflow. For over 16 years, Sonar has built trust with more than 7 million developers across 400,000 organizations. Our platform’s proactive approach focuses on checking every new line of code as it's written.
Sonar provides the industry’s broadest coverage, with thousands of quality and security rules covering over 35 languages. This enables development teams to build trust in all code—whether it's developer-written or AI-generated—and to integrate seamlessly with AI coding tools.
Industry recognition for a comprehensive platform
The GigaOm Radar for AST report highlights several of Sonar's key strengths. SonarQube’s comprehensive capabilities are reflected in its placement on the GigaOm Radar chart. The report notes:
- CVE feeds: The solution integrates CVE information through its Software Composition Analysis (SCA) function. It scans third-party dependencies, checks them against vulnerability databases like NVD, and enriches findings with curated data from Tidelift’s maintainer network for better accuracy.
- Mobile app security: Sonar’s SAST engine provides mobile application security testing by analyzing source code in languages such as Java, Kotlin, and Swift. The company is also enhancing its mobile-specific risk detection with planned support for OWASP Mobile Top 10 reports.
- Traditional app support: SonarQube offers extensive analysis for legacy languages like COBOL, JCL, Apex, and PL/I, allowing large organizations to standardize their AST practices across diverse technology portfolios.
Your partner in building secure, high-quality code
GigaOm’s validation of Sonar as a Leader provides a good opportunity to reflect not just on what we've built, but how our customers use SonarQube to drive impact every day. From scaling secure development across thousands of engineers to confidently adopting AI coding tools, organizations consistently choose Sonar for its combination of speed, accuracy, and strong developer adoption.
We’re thankful for GigaOm's recognition because it is more evidence that organizations using Sonar can be confident they are partnering with a platform validated by one of the industry's most trusted analyst firms.
Discover why GigaOm placed Sonar at the forefront of the Application Security Testing market. Download the report today.