Sonar's latest blog posts

Featured Post

Welcoming Gitar to Sonar

Sonar has acquired Gitar, adding a new, critical layer to its multilayer, zero-trust code verification platform. Gitar is an AI code review solution, and it doesn’t just flag issues; it also generates the fix, validates it against the CI, and commits to the branch.

Testing Claude Fable 5: Built a Java Module & a Security Flaw

Claude Fable 5 built a Java REST module in 13 minutes, but SonarQube uncovered a high severity security flaw and test coverage gaps.

Why a second, independent verification loop is critical for using Fable 5

Learn why Fable 5 still needs independent verification and how deterministic checks catch risks that self verification can miss.

Loop engineering without verification is just automation

Explore how LLM reviewers and deterministic checks work together to keep coding agent loops from shipping unfinished code.

The java.time bugs that don’t throw exceptions

Learn how SonarQube detects java.time bugs that compile cleanly but cause wrong timezone math, flaky tests, and bad comparisons.

How SonarQube traces a SQL injection your AI coding agent produced

Learn how SonarQube traces SQL injection across Spring Boot files using taint analysis to expose unsafe database queries from user input.
