Fact-checked by Grok 2 weeks ago

Sonar (company)

SonarSource SA is a specializing in tools for , , and reduction, enabling developers to deliver clean and secure software across various programming languages and frameworks. Founded in 2008 in , , by Olivier Gaudin, Freddy Mallet, and Simon Brandhof, the company originated from an open-source project aimed at improving for development teams worldwide. SonarSource's flagship product, , is an open-source platform that performs static code analysis to detect , vulnerabilities, code smells, and hotspots in during the process. The company has grown significantly, serving over 7 million developers and more than 400,000 organizations through its free open-source edition and commercial enterprise solutions, while maintaining a community of over 45,000 members. Its solutions support more than 30 programming languages, including , , C#, , and others, and integrate with popular development environments like , , and Jenkins. Under the leadership of CEO Tariq Shaukat, who assumed the role in July 2024 following his tenure as co-CEO alongside Olivier Gaudin, SonarSource continues to emphasize in AI-assisted and open-source commitment. The company has expanded through strategic acquisitions, such as RIPS Technologies in 2020 to enhance security scanning and Tidelift in 2024 to improve management, and has raised substantial funding, including a $45 million round in 2016 and a $412 million round in 2022 at a valuation of $4.7 billion. SonarSource's core values of transparency, continuous improvement, and community collaboration have positioned it as a leader in the DevSecOps space, helping organizations reduce software vulnerabilities and accelerate delivery.

Introduction

Company profile

SonarSource Sàrl, commonly known as , is a software company founded in 2008 and headquartered in Vernier, near , . It specializes in providing continuous code quality and tools designed to help development teams identify and address issues in their . The company's core offerings enable automated detection of bugs, vulnerabilities, code smells, and security hotspots across various programming languages and frameworks. Sonar's mission is to empower developers to deliver high-quality, secure software by analyzing code written by humans, generated by , or sourced from third parties such as open-source libraries, thereby reducing and vulnerabilities through a developer-first approach. This focus on proactive code inspection supports faster delivery cycles while maintaining reliability and compliance standards. As of 2025, Sonar serves over 7 million developers worldwide, with more than 400,000 organizations utilizing its open-source edition and a community exceeding 45,000 members. The company operates globally, with its primary headquarters in and additional offices in (including and ), (), and (), employing approximately 764 people. Sonar maintains a strong commitment to , originating from the project and adhering to an that promotes transparency, security, and community-driven improvements.

Leadership and governance

SonarSource was founded in by Olivier Gaudin, Simon Brandhof, and Freddy Mallet, who recognized the need for automated code quality analysis tools in . Gaudin, who served as co-CEO until July 2024, now holds the position of Chairman and continues to guide the company's strategic vision. The other co-founders, Brandhof and Mallet, are no longer actively involved in day-to-day operations. The current executive team is led by CEO Tariq Shaukat, appointed in July 2024 following the company's significant funding rounds, bringing expertise in scaling technology enterprises. Key executives include Chief Technology Officer Andrea Malagodi, who joined in 2021 after over 25 years at , focusing on for quality and ; Chief Financial Officer Jean Compeau, appointed in March 2025 to oversee financial strategy amid global expansion; Rick Harshman, appointed in November 2025 and driving sales growth; and Charley Webb, managing market positioning and operations. Additional leaders include Clarissa O'Connell, Chief Legal Officer Eyal Ben David (appointed March 2025), and Chief Growth Officer Harry Wang, supporting scaling efforts post-2022 funding. The board of directors comprises the founders—Gaudin as Chairman, Brandhof, and Mallet—along with representatives from major investors such as and General Catalyst, emphasizing expertise in , cybersecurity, and enterprise growth. Notable additions include Kevin Thompson, former CEO of and current CEO of , appointed to provide insights on software security and leadership. SonarSource's governance practices prioritize transparency through open communication on company values and product roadmaps, as outlined in their public commitments to open-source principles. The company promotes , with women in key roles such as O'Connell and Webb, and fosters an inclusive culture that views as a core strength for . Ethical use is integrated into product , ensuring with standards for secure and responsible , including -generated . As of 2025, SonarSource has faced no major controversies related to or operations. Recent appointments from 2023 to 2025, including growth and legal officers, reflect efforts to bolster the team for international market expansion and post-funding scalability.

Historical development

Founding and early years

SonarSource was established in in , , by Olivier Gaudin, Freddy Mallet, and Simon Brandhof, who were motivated by the need for more effective tools to manage code quality in projects during their prior roles at a large IT company. The founders had initiated the open-source project in 2007 and established SonarSource in 2008 to develop and promote it as a platform dedicated to static code analysis, beginning with support for and gradually extending to other programming languages to address broader developer needs. In its early years, SonarSource operated on a bootstrapped basis, fostering community-driven through open-source contributions, which accelerated adoption among developers; by 2010, the company released its first commercial extensions to complement the open-source core. Pre-2016 milestones highlighted growing traction, including integrations with tools such as Jenkins for seamless workflow incorporation and the solidification of a robust user base rooted in the 's origins. From the start, SonarSource maintained a small, innovation-focused team committed to open-source principles, emphasizing transparency and collaborative advancement in code quality practices.

Growth and milestones

In 2016, SonarSource secured a $45 million minority investment from , serving as a key catalyst for its expansion by funding team growth from around 50 to over 100 employees and accelerating enhancements to its core platform. This infusion enabled the company to scale its global operations and broaden developer adoption, positioning it for sustained . The company advanced its product ecosystem with the launch of SonarCloud in 2018, a cloud-based service for automated code analysis that extended SonarQube's capabilities to serverless and GitHub-integrated workflows without on-premises setup. By 2020, SonarSource had expanded support to over 27 programming languages and frameworks, including , , C#, and , facilitating broader applicability across diverse development stacks. In response to the rising influence of generative , the company integrated AI-driven features by 2024, such as AI Code Assurance for detecting issues in AI-generated code and AI CodeFix for automated remediation suggestions, enhancing code quality in AI-assisted environments. Market achievements accelerated in , marked by a 43% year-over-year increase in its user base to 7 million developers and a surge in enterprise adoption, adding 5,000 paying customers to reach 21,000 total, including over 75% of 100 companies. Annual recurring revenue grew from $175 million to a projected $240 million that year, underscoring robust demand for its code quality solutions. earned strong recognition in Peer Insights for application security testing () tools, achieving a 4.4 out of 5 rating based on over 100 reviews, affirming its leadership in (). Global footprint strengthened with the establishment of its U.S. headquarters in , in 2018—expanded significantly in 2021 to support doubled headcount—and the opening of an Asia-Pacific office in in 2022, alongside increased presence in . Strategic integrations with major cloud providers, including AWS and , further enabled seamless deployment of SonarCloud for enterprise-scale code analysis. From 2023 to 2025, SonarSource emphasized -driven code fixes through features like automated vulnerability remediation, culminating in the 2025 acquisition of AutoCodeRover to incorporate agentic for tasks. promptly addressed challenges, including the August 2025 disclosure and patching of CVE-2025-58178, a command injection vulnerability in its Scan Action affecting versions 4.0.0 to 5.3.0. As of November 2025, no has occurred, with the company's valuation remaining stable at approximately $4.7 billion following its 2022 funding round. Amid these advances, SonarSource navigated challenges from emerging AI coding assistants like , prioritizing developer adoption by embedding quality gates into AI workflows to maintain trust in automated . Acquisitions, such as RIPS Technologies in 2020, played a pivotal role in bolstering capabilities.

Products and solutions

SonarQube platform

is an open-source and commercial static code analysis platform designed for continuous inspection of code quality in projects. It supports over 35 programming languages, including , , , C++, and C#, enabling organizations to detect issues early in the development lifecycle through automated analysis. The platform's architecture centers on a self-hosted server edition that orchestrates the overall process, including and for reviewing results. Its core analysis engine scans to identify bugs, code smells, and duplications, while quality gates provide configurable thresholds that integrate seamlessly with pipelines to prevent merging of substandard code. This setup allows teams to maintain high standards without manual intervention. SonarQube offers multiple editions to suit varying needs: the Community edition, which is and open-source, provides basic analysis for small projects with support for 20+ languages and essential features like quality gates. The Developer edition adds branch and pull request analysis for teams managing larger codebases (100K+ lines of code). The Enterprise edition extends this with portfolio management, compliance reporting, and support for 35+ languages, ideal for organizations exceeding 1M lines of code. The edition further enhances scalability through autoscaling and for enterprises handling 20M+ lines of code in air-gapped environments. All commercial editions include SOC 2 compliance to meet enterprise security requirements. In practice, facilitates use cases such as evaluating maintainability ratings to identify refactoring needs, assessing reliability to reduce potential failures, and quantifying to prioritize remediation efforts. It also tracks key metrics like and , helping teams quantify improvements in code health without delving into exhaustive numerical benchmarks. For simpler cloud-based deployment, SonarCloud serves as an alternative. Deployment options emphasize on-premises or configurations, allowing full control over and residency, with support for self-managed servers in secure, isolated .

SonarCloud service

SonarCloud is a cloud-based (SaaS) offering from SonarSource that extends the capabilities of the platform by providing managed, automatic integrated directly into cloud workflows. Launched in 2018, it was designed to eliminate the need for self-hosted while delivering the same static for detecting , vulnerabilities, and code smells across multiple programming languages. In October 2024, SonarCloud was rebranded and enhanced as SonarQube Cloud to align more closely with SonarSource's unified product ecosystem, incorporating improvements in scalability and feature parity with the on-premises version. Key features of SonarCloud include zero-configuration setup for automatic code reviews triggered on code pushes or pull requests within supported DevOps platforms such as , Cloud, , and . It provides real-time feedback through pull request decoration, where analysis results are overlaid directly in the repository interface to highlight issues and enforce quality gates that can fail builds if standards are not met. The service maintains a 99.5% uptime (SLA) for Enterprise customers, ensuring reliable performance with global data centers for low-latency access worldwide. SonarCloud operates on a freemium pricing model, offering unlimited analysis for open-source projects regardless of size, which supports community-driven development without cost barriers. For private repositories, a tier covers up to 50,000 lines of code (), while paid plans start at $32 per month for up to 1.9 million and scale based on volume to accommodate growing codebases. plans provide unlimited analysis and unlimited projects, with custom pricing available through sales for large-scale deployments requiring advanced governance features. Integrations are a core strength, with native support for Git providers like and , as well as (CI) tools such as Jenkins and GitLab CI/CD, enabling seamless branch analysis and automated workflows without additional plugins in many cases. This allows developers to receive actionable insights during the pull request process, promoting shift-left quality practices directly in their existing tools. Compared to self-hosted options, SonarCloud's advantages lie in its fully managed nature, relieving users from provisioning, maintenance, and scaling responsibilities. Automatic updates ensure access to the latest analysis rules and performance enhancements without downtime or manual intervention, while deployment across multiple global data centers minimizes for international teams. These benefits make it particularly suitable for agile teams prioritizing speed and integration over on-premises control.

Security and AI integrations

SonarSource's security analysis capabilities emphasize (SAST) integrated into its platforms, focusing on detecting vulnerabilities through advanced techniques such as taint analysis, which tracks untrusted user input via to identify potential flaws like injection attacks. The system covers the Top 10 risks, including broken and cryptographic failures, by analyzing patterns that could lead to these issues. Security hotspots, which highlight areas of code requiring manual review for potential risks, are also identified during scans. This SAST functionality supports over 30 programming languages, enabling broad applicability across diverse codebases. Following the 2020 acquisition of RIPS Technologies, a specialist in static analysis for web applications, SonarSource enhanced its security ruleset for and , incorporating high-precision detection for vulnerabilities such as , (XSS), and other injection flaws. These integrations improved the accuracy of taint analysis in dynamic languages, allowing developers to address security issues directly in their workflows. SonarSource's security metrics include comprehensive coverage of the CWE Top 25 most dangerous software weaknesses, aligned with guidelines, through dedicated rules that map to these standards for reporting and remediation. Real-time remediation guidance is provided via integrated tools that suggest fixes for detected issues, including branch-level analysis to ensure coverage of critical paths without overlooking potential vulnerabilities. In terms of AI enhancements, SonarSource introduced AI CodeFix in October 2024, a feature that leverages large language models to generate automated fix suggestions for security and quality issues identified in code scans. This builds on Clean Code principles, using for to promote maintainable and secure coding practices, such as avoiding common anti-patterns that lead to vulnerabilities. Developers are encouraged to apply these suggestions in alignment with ethical AI coding practices, ensuring and in automated recommendations. By 2025, SonarSource updated its offerings to address emerging threats, including attacks, with SonarQube Server 2025.5 introducing detection for vulnerabilities and misconfigurations in pipelines, such as those in Actions. Additionally, since 2022 and refined in subsequent releases, the platforms detect Unicode bidirectional (BIDI) override characters to prevent Source attacks, where malicious code is hidden via text direction manipulation.

Business expansion

Financial funding

SonarSource has raised a total of $457 million in across two primary rounds as of 2025. The company's first major round occurred in November 2016, when it secured $45 million in a Series A investment led by . This capital was allocated toward scaling product development and expanding the engineering and sales teams to support growing demand for code quality tools. In April 2022, SonarSource completed a significantly larger Series D round, raising $412 million at a of $4.7 billion. The round was led by and General Catalyst, with participation from existing investor and Permira's Growth Opportunities Fund. Funds from this investment were directed toward global market expansion, enhancing go-to-market capabilities, and investing in to drive product innovation and achieve $1 billion in annual revenue. Key investors in SonarSource include as the lead in the initial round and a continuing backer, alongside , General Catalyst, and . No additional funding rounds have been announced since 2022, maintaining the company's status with its $4.7 billion valuation intact. SonarSource's financial performance has shown strong growth, with annual recurring revenue exceeding $100 million by late 2021 and reaching a of $175 million by early 2022. Estimates suggest annual revenue of approximately $175 million as of recent data, reflecting sustained expansion amid a focus on profitability, though detailed financials remain private. As of early 2025, SonarSource has not filed for an and remains a private company.

Acquisitions and partnerships

In May 2020, SonarSource acquired RIPS Technologies, a startup specializing in (SAST) for languages like and , for an undisclosed amount. This acquisition integrated RIPS's expertise into , enhancing its SAST capabilities and enabling developer-focused across dynamic web languages. SonarSource's subsequent acquisitions focused on broadening code quality, security, and AI-driven development tools. In October 2024, it acquired Structure101, a pioneer in code structure analysis, for undisclosed terms, to address structural design issues impacting software maintainability and reliability. In December 2024, SonarSource announced the acquisition of Tidelift, a provider of open-source software supply chain security solutions, to extend coverage to third-party libraries and mitigate risks in dependency management. Most recently, in February 2025, SonarSource acquired AutoCodeRover, an AI agent platform for autonomous software development tasks developed as a spin-off from the National University of Singapore, for undisclosed terms, aiming to automate code repairs and enhancements. These acquisitions have fortified SonarSource's portfolio in code security and , with the RIPS specifically advancing SAST for applications. Strategic partnerships have complemented this inorganic growth by improving platform accessibility and workflow . SonarSource integrated with in ongoing collaborations, including extensions for build pipeline analysis since at least 2016 with updates through 2021. In July 2024, SonarCloud was listed on the , facilitating easier deployment and procurement for cloud-based code analysis. SonarSource also maintains deep ties with , offering pull request decoration and scanning via GitHub Actions for real-time and security feedback. Additionally, integrations with platforms like enable scans within orchestration pipelines. These alliances have supported over 100 integrations with tools and cloud providers, contributing to adoption by more than 400,000 organizations worldwide.

References

  1. [1]
    About - Sonar and SonarSource
    Sonar helps developers deliver high quality and secure software by analyzing code they write, AI-generated code, and code leveraged from third parties.
  2. [2]
    Sonar - Crunchbase Company Profile & Funding
    Founders Freddy Mallet, Olivier Gaudin, Simon Brandhof. About the Company. SonarSource provides world-class solutions for continuous code quality management.
  3. [3]
    SonarSource 2025 Company Profile: Valuation, Funding & Investors
    Developer of coding software designed to manage the code quality of applications. The company's platform solves coding issues and provides methods for code ...
  4. [4]
    Tariq Shaukat Joins Sonar as co-CEO
    Former President of Google Cloud and Bumble joins Code Quality market leader to accelerate growth alongside Founder and CEO Olivier Gaudin.Missing: current | Show results with:current
  5. [5]
    Olivier Gaudin's Post - LinkedIn
    Jul 2, 2024 · After more than 15 years leading Sonar, I have decided to step down from my role as co-CEO. Tariq Shaukat became CEO as of July 1, 2024.Missing: current | Show results with:current
  6. [6]
    SonarSource acquires RIPS Technologies
    May 13, 2020 · SonarSource was founded in 2008 with a goal of providing code quality tooling to all developers and development teams. I believe the massive ...Missing: history | Show results with:history
  7. [7]
    Sonar Company Profile - Office Locations, Competitors, Revenue ...
    Overview. SonarSource is a company that develops open-source code software. · Type: Private · Status: Active · Founded: 2008 · HQ: Vernier, CH | view all locations.
  8. [8]
    Where is Sonar Located? HQ, Global Offices & Company Insights
    SonarSource maintains a strong global presence with key offices in Switzerland (Global HQ), France, Germany, the United States, and Singapore. These ...
  9. [9]
    https://www.highperformr.ai/company/sonarsource
  10. [10]
    Sonar Strengthens its Leadership Team
    Andrea Malagodi and Gordon Pothier have joined the company as Chief Technology Officer and Chief Financial Officer, respectively.
  11. [11]
    Sonar Appoints Jean Compeau as Chief Financial Officer and Eyal ...
    March 6, 2025 — Sonar, the leader ...
  12. [12]
    Sonar Appoints Kevin Thompson on its Board of Directors
    Kevin Thompson, chairman and CEO of Tricentis and former president and CEO of SolarWinds, has joined its board of directors.
  13. [13]
    We are Sonar!
    Feb 14, 2023 · Our success comes from the sum of all of us, we remain open-minded to others' views, and we embrace diversity because we see it as a strength.Missing: leadership | Show results with:leadership
  14. [14]
    Software compliance in software development - Sonar
    Organizations can expect compliance standards to evolve beyond legal and audit requirements, encompassing broader topics such as ethical AI, accessibility, and ...
  15. [15]
    https://www.sonarsource.com/company/press-releases/sonar-appoints-kevin-thompson/
  16. [16]
    [PDF] lappeenranta university of technology - LUTPub
    Freddy Mallet, Olivier Gaudin and Simon Brandhof, employees of large IT-company had their own internal project – the open source quality management platform.<|control11|><|separator|>
  17. [17]
    SonarQube: The Ultimate Solution for Clean and Efficient Code
    Mar 16, 2023 · The Sonar platform was born in 2007, with Simon Brandhof developing the platform by integrating best-of-breed open-source tools for Java. The ...
  18. [18]
    4 Leadership Lessons From a $200 Million, Fast-Growing, Profitable ...
    Apr 26, 2023 · SonarSource's decision to bootstrap created pressure to find an inexpensive way to add customers. “VCs would have pushed us to sell a ...
  19. [19]
    Jenkins integration - SonarQube Docs
    To run project analysis with Jenkins, you need to install and configure the following Jenkins plugins in Jenkins: The SonarQube Scanner plugin. The Branch ...
  20. [20]
    SonarSource Jobs and Careers - the Jungle (formerly Otta)
    The company was founded in Switzerland in 2008, and has become the market leading platform for code quality control. While its first decade was encouraging, the ...
  21. [21]
    SonarSource Receives $45 Million USD Minority Investment From ...
    Nov 29, 2016 · SonarSource Receives $45 Million USD Minority Investment From Insight Venture Partners. November 29, 2016| 1 min. read ... Series · Insight ...
  22. [22]
    SonarSource Receives $45 Million USD Minority Investment From ...
    Nov 29, 2016 · "Our collaboration with Insight Venture Partners allows us to benefit from their expertise and support to build a global organization, strongly ...
  23. [23]
    Swiss code quality manager SonarSource raises $45 million from ...
    Nov 29, 2016 · Swiss SonarSource, a code quality management company, has announced the closing of a $45 million minority investment by Insight Venture Partners ...
  24. [24]
    Now Introducing, SonarCloud Enterprise and SonarCloud Team
    Jul 31, 2024 · Introduction. Since its launch in 2018, SonarQube Cloud's growth has been exciting and impressive. Today, over 3.6B lines of code (LOC) are ...
  25. [25]
    Sonar Adds AI Tools to Identify Issues and Fix Code ... - DevOps.com
    Oct 3, 2024 · Sonar adds GenAI capabilities for remediation vulnerabilities and a tool that identifies vulnerabilities in code generated by AI platforms.
  26. [26]
    Sonar Acquires AutoCodeRover to Supercharge Developers with AI ...
    Sonar acquired AutoCodeRover to enhance its AI capabilities, address engineering issues, and help developers build better, faster, and spend less time on non- ...
  27. [27]
    SonarSource Posts Record Growth with its Code Quality Solution
    SonarSource, the leading provider of Clean Code solution, today announced record growth in developer and enterprise customer adoption.Missing: motivation | Show results with:motivation
  28. [28]
    SonarSource raises $412M to scan codebases for bugs - TechCrunch
    Apr 26, 2022 · ... founding SonarSource. Freddy Mallet, SonarSource's second co-founder, was a project architect at E-Trade and CTO at agtech startup Hortis.Missing: history | Show results with:history
  29. [29]
    Software maker SonarSource aims to double employee count in Austin
    Apr 27, 2022 · The company was co-founded in 2008 in Geneva by CEO Olivier Gaudin, Freddy Mallet and Simon Brandhof. More: Austin can expect to add 22,000 tech ...
  30. [30]
    https://www.sonarsource.com/company/press-releases/sonar-record-growth-2022/
  31. [31]
    CVE-2025-58178 Detail - NVD
    Sep 1, 2025 · In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input ...
  32. [32]
    Security Advisory: SonarQube Scanner GitHub Action - Sonar Updates
    Aug 29, 2025 · Secondly, we now have additional details to share: CVE Number: CVE-2025-58178 has been assigned to this vulnerability Vulnerability Type: ...
  33. [33]
    SonarSource Navigates Way To $412M Raise At $4.7B Valuation
    Apr 26, 2022 · Switzerland-based SonarSource raised a $412 million round that values the “clean code” platform at $4.7 billion.
  34. [34]
    Code Quality & Security Software | Static Analysis Tool | Sonar
    Enhance code quality and security with SonarQube. Detect vulnerabilities, improve reliability, and ensure robust software with automated code analysis.Download SonarQube · What's new · Documentation · PricingMissing: 2023 | Show results with:2023<|control11|><|separator|>
  35. [35]
    Choosing the right SonarQube Server edition for your needs
    Oct 27, 2025 · SonarQube has emerged as a leading automated code review platform that empowers development teams to achieve a high level of code quality ...
  36. [36]
    SonarQube Server | Developer Code Quality | Sonar
    SonarQube Server automates code quality and security reviews and provides actionable code intelligence so developers can focus on building better, faster.
  37. [37]
    SonarQube Cloud Online Code Review as a Service Tool | Sonar
    With SonarQube, you can automatically review your code health to achieve the highest value for your projects. Start 14-day free trial. code. Dozens of languages ...Overview · Sign up for SonarQube Free tier · Start for free · Explore pricing
  38. [38]
    Sonar Streamlines Product Naming to Reflect Core Mission of Code ...
    Oct 29, 2024 · Sonar launched SonarCloud, now SonarQube Cloud, in 2018 in order to create an experience completely managed by Sonar that matches that of ...
  39. [39]
    SonarQube Cloud CI/CD Integration Pipeline Workflow | Sonar
    Add static code analysis and automated code reviews to your CI/CD workflow in a few steps with a product that easily integrates into the cloud DevOps platforms.
  40. [40]
    Pull request analysis | SonarQube Cloud - Sonar Documentation
    Oct 28, 2025 · SonarQube Cloud's pull request analysis uses your quality gate to catch new issues before merging with the target branch.Understanding your pull... · Pull request decoration · Enabling pull request analysis
  41. [41]
    Open Source Editions | Sonar
    99.9% uptime SLA with global availability; SOC 2 Type II certified security. Get startedLearn more. SonarQube Server. Self-managed for maximum control.
  42. [42]
    Plans & Pricing - Sonar
    There are two paid plans available: Team and Enterprise. You pay upfront for a maximum number of private lines of code to be analyzed in your organization.
  43. [43]
    SonarCloud New Pricing Plans | Sonar
    The SonarQube Cloud Enterprise plan offers unlimited LoC (lines of code). · The SonarQube Cloud Team plan has a limit of 1.9M LoC. · The SonarQube Cloud Free plan ...
  44. [44]
    Introduction | SonarQube Server - Sonar Documentation
    Oct 28, 2025 · SAST: Analyzes source code to detect vulnerabilities, security hotspots, and flaws. · Taint Analysis: Tracks untrusted user input with data flow ...
  45. [45]
    OWASP Security Vulnerability Coverage of Top 10, ASVS ... - Sonar
    The SAST analysis is capable of identifying patterns in the source code that may lead to access control issues, such as missing authentication checks or ...Owasp/cwe Top 25 Security... · Get Early Sast Feedback And... · Use Taint Analysis To Chase...
  46. [46]
    Why SonarQube is the Best SAST Tool Available for Developers
    SonarQube is the leading SAST tool for developers, delivering advanced Static Application Security Testing to detect vulnerabilities and improve code ...
  47. [47]
    SonarSource now provides high-precision SAST tooling for ...
    Dec 18, 2020 · Developers have access to unparalleled precision in security analysis of Java, C#, PHP, Python, and JavaScript code in SonarQube and SonarCloud.
  48. [48]
    List of supported CWE-Issues from Sonarqube - Sonar Community
    Jul 16, 2020 · With these rules and SonarQube 8.4+, you will get a coverage of the OWASP Top 10 and 2019 CWE Top 25 standards.
  49. [49]
    Instant Code Fixes at Your Fingertips: Announcing Sonar AI CodeFix
    Oct 3, 2024 · Sonar AI CodeFix is a powerful capability that suggests code fixes for issues discovered by our code analysis solutions SonarQube Server and SonarQube Cloud.
  50. [50]
    AI Generated Code in Software Development & Coding Assistant
    SonarQube automatically reviews code and detects code smells and code duplication, helping you maintain efficient, and reliable code.AI Code Assurance · AI CodeFix · AI Coding Assistants
  51. [51]
    AI CodeFix: Automatically Generate AI Code Fix Suggestions - Sonar
    Developers should review and selectively apply suggestions that match their own ethical AI coding practices for the best outcomes.Missing: 2023 Clean
  52. [52]
    SonarQube Server 2025.5 release announcement | Sonar
    Sep 24, 2025 · You can now directly fortify your CI/CD pipelines against supply-chain attacks by detecting vulnerabilities and misconfigurations in your GitHub ...Missing: response | Show results with:response
  53. [53]
    SonarCloud detects Bidirectional Characters to prevent trojan ...
    Jan 26, 2022 · SonarCloud is now able to detect Bidirectional Characters and here is why this is important. According to a recently published paper, source ...
  54. [54]
    Sonar - 2025 Funding Rounds & List of Investors - Tracxn
    Oct 16, 2025 · Sonar has raised a total of $457M over 2 funding rounds. One was Series D round of $412M from Investors like Advent International and General Catalyst.Missing: history | Show results with:history
  55. [55]
    How SonarSource hit $98.1M revenue with a 654 person team in...
    When was SonarSource founded? SonarSource was founded in 2008. How much revenue does SonarSource generate? SonarSource generates $98.1M in revenue. Click for ...
  56. [56]
    SonarSource | Investment - Insight Partners
    Sonar offers integrated code quality and code security solutions that are trusted by over 7 million developers and 400,000 organizations ...<|control11|><|separator|>
  57. [57]
    SonarSource Receives $45M Minority Investment From Insight ...
    Nov 29, 2016 · SonarSource, a Geneva, Switzerland-based provider of code quality management platform, received a $45m minority investment from Insight ...
  58. [58]
    Sonar Raises $412 Million in New Investment
    The company will use the investment to expand globally and propel the company to $1 billion in total revenue.Missing: 2016-2025 | Show results with:2016-2025
  59. [59]
    Coding platform SonarSource valued at $4.7 bln after latest funding
    Apr 26, 2022 · SonarSource, a coding platform for developers, said on Tuesday it was valued at $4.7 billion after raising $412 million in capital in a new funding round.
  60. [60]
    SonarSource Raises $412M on $4.7B Valuation to Grow in Asia
    Apr 26, 2022 · The Asian expansion will be a key component in SonarSource's push to reach $1 billion in annual revenue in the next half-decade. "In Asia, we ...
  61. [61]
    SonarSource Reaches 15,000 Commercial Customers Milestone ...
    Oct 19, 2021 · Code quality and code security solutions provider continues rapid growth less than a year after surpassing $100 million ARR and 16 months ...Missing: 2016-2025 | Show results with:2016-2025<|control11|><|separator|>
  62. [62]
    Code-testing firm SonarSource lands $412M in funding at a $4.7 ...
    Apr 26, 2022 · SonarSource's annual revenue run rate is currently $175 million and the figure is growing 50% annually, Gaudin said. The product is relatively ...Missing: recurring 2021
  63. [63]
    Sonar's Competitors, Revenue, Number of Employees ... - Owler
    When was Sonar founded? Sonar was founded in 2008 ; Who is Sonar's CEO? Sonar's CEO is Olivier Gaudin ; How much revenue does Sonar generate? Sonar generates $175 ...
  64. [64]
    SonarSource IPO: Investment Opportunities & Pre-IPO Valuations
    Jan 22, 2025 · SonarSource funding rounds and valuation. Funding history chart. Funding History is not available for this company. ... © 2025 Forge Global, Inc.
  65. [65]
    SonarSource Acquires RIPS Technologies and Accelerates in the ...
    May 13, 2020 · The SonarSource acquisition of RIPS is an exciting milestone in its journey to disrupt and lead the Code Security market with developer-first ...
  66. [66]
    Sonar Acquires Structure101 to Strengthen Code Quality Offering
    October 15, 2024 — Sonar, the leading Code Quality solution provider, acquired Structure101, a pioneer in code structure analysis, to further the ...
  67. [67]
    Sonar to Acquire Tidelift to Reduce Risk From Open Source Software
    Sonar is acquiring Tidelift to extend its coverage to open source libraries, improve open source software, and provide a complete solution for code quality and ...
  68. [68]
    Code Analysis Company SonarSource Acquires RIPS Technologies
    May 14, 2020 · Code quality and security solutions provider SonarSource has acquired code security testing company RIPS Technologies.
  69. [69]
    SonarSource have announced their own SonarQube Team Services ...
    Dec 13, 2016 · Microsoft have been partnering with SonarSource for almost two years to bring SonarQube to .NET developers and to make it easy to analyze ...<|separator|>
  70. [70]
    Azure DevOps & SonarQube Integration | Code Quality & Security
    Enhance code quality and security in Azure DevOps with SonarQube. Streamline code reviews, automate checks, and safeguard your development pipeline.Missing: 2021 | Show results with:2021
  71. [71]
    SonarQube step configuration - Harness Developer Hub
    Oct 28, 2025 · Harness STO integrates with SonarQube to scan your code repositories for vulnerabilities, enforce policies, and maintain code quality.
  72. [72]
    Code quality and security in your CI/CD workflow - Sonar
    Supported integrations typically include Jenkins, GitHub Actions, Azure DevOps, Bitbucket Pipelines, GitLab CI, and many other commonly adopted tools, allowing ...<|control11|><|separator|>