Agentic coding just got a whole lot smarter 🧠 We put together a how-to guide for running Sonar Context Augmentation in Claude Code — and by the end of it, you'll watch your agent automatically pull your project's context before touching a single file. Sonar Context Augmentation extends the SonarQube MCP Server to feed your agent the right context in the inner loop: your project's coding standards, architecture awareness, and SonarQube analysis, all before it writes anything. The standard MCP tools report issues after code exists. This is the Guide stage of the Agent Centric Development Cycle — defining the rules of engagement upfront, so the output fits your codebase from the start. Get the guide: https://bit.ly/4shJfQR
Sonar
Software Development
Vernier, Geneva 38,899 followers
Trusted by 7M devs, Sonar is committed to enabling developers and organizations to build better code for better software
About us
Sonar is the trust and verification layer for AI code, and the industry standard for automated code review for 17+ years. Sonar delivers deterministic, repeatable, and actionable code verification at scale by integrating code quality and code security into a single platform. The company analyzes more than 750 billion lines of code daily to ensure software is secure, reliable, and maintainable. Sonar is rooted in the open source community and is trusted by 7M+ developers globally, including teams at Snowflake, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company. To learn more about Sonar, please visit: www.sonar.com
- Website: https://sonarsource.com/
- Industry: Software Development
- Company size: 501-1,000 employees
- Headquarters: Vernier, Geneva
- Type: Privately Held
- Founded: 2008
- Specialties: software quality, open source, code quality management, ALM, Continuous Inspection, and Code Analysis
Products
SonarQube
Static Code Analysis Tools
The SonarQube platform delivers automated code quality and security analysis for modern development teams. Designed to seamlessly integrate with your CI/CD pipelines and DevOps tooling, it continuously reviews your source code to uncover bugs, security vulnerabilities, security hotspots, code smells, and architecture issues before code is merged or released. With broad support for 40+ programming languages and frameworks, SonarQube empowers developers and organizations to uphold high standards of code health across web, mobile, embedded, and cloud-native apps. It’s trusted by more than 7 million developers, underscoring its industry leadership as a critical solution for secure, maintainable, and high-quality software development.
Updates
-
RSAC 2026 is a wrap — and what a week it was 🎉 From Moscone to the Wiz House, we had incredible conversations with customers, partners, and the broader security community about what it means to develop at AI speed without sacrificing code quality and security. Thank you to everyone who stopped by, joined us for PubSec Day, or just said hi — our community is everything. Check out some highlights from the week below ⬇️
-
You're invited 💌 The SonarQube Remediation Agent beta is now open to all SonarQube Cloud Annual Teams and Enterprise accounts. It's the "Solve" stage of the AC/DC (Agent Centric Development Cycle) — fixing issues discovered during code analysis automatically, with built-in verification to make sure the fix actually works. It doesn't blindly trust the LLM's output: every fix is applied in a sandbox, re-scanned by the Sonar analysis engine, and discarded if it doesn't solve the original issue ✅ And it works two ways: 1️⃣ PR fixes: quality gate fails, the agent identifies why and proposes a solution 2️⃣ Backlog fixes: "Assign to Agent" sends existing issues directly to the agent — one PR per issue, nothing forced into your codebase Free during beta. Open to the first 500 organizations — don't wait 👇 https://bit.ly/3QdmVum
-
At #RSAC2026, our VP of Code Security Jeremy Katz sat down with eSecurity Planet to talk about how code security is evolving alongside AI-assisted and agent-driven development. As AI changes how code gets written, the opportunity is to move security earlier in the lifecycle. This means real-time checks happening as code is written, not after it's committed. Jeremy walked through Sonar's Agent Centric Development Cycle (AC/DC) — a structured loop of Guide, Generate, Verify, and Solve — and why verification is foundational to shipping secure software at the speed AI enables. Read the full interview from RSAC 2026 👇 https://bit.ly/3NFa2IZ
-
Sonar reposted this
Why did Uber build thousands of microservices, why did it have two levels for "senior software engineer" (L5A & L5B), and why were some key infra services built in the Denmark office? No better person than Uber's first CTO, Thuan Pham (now: CTO at Faire) to answer these, and share many more stories, several of which have not been told in public, until now. • YouTube: https://lnkd.in/eSSRUJ88 • Spotify: https://lnkd.in/eTqMVdes • Apple: https://lnkd.in/eek2jqft Brought to you by: • Statsig – The unified platform for flags, analytics, experiments, and more. https://lnkd.in/eQkXqjMZ • WorkOS – Everything you need to make your app enterprise ready. http://workos.com/ • Sonar – The makers of SonarQube, the industry standard for automated code review. Check out SonarQube Advanced Security: https://lnkd.in/euxvyT5N Three interesting parts from this conversation: 1. The program/platform split came before microservices. The concept of cross-functional “program” teams and dedicated “platform” teams became necessary because an org split across backend, frontend and mobile engineers slowed down in execution speed when Uber grew to around 100 engineers. Every feature required negotiating bandwidth across the mobile, backend, and dispatch teams. Thuan, Travis Kalanick, and Jeff Holden literally used color-coded sticky notes with people’s names to reorganize into self-sufficient teams. We cover more about this split in this The Pragmatic Engineer deepdive, The Platform and Program split at Uber: https://lnkd.in/duxvwJeq 2. Expect multiple rewrites during hypergrowth. The right architecture depends on how fast a product and company are growing. At Uber, repeated rewrites were common because each one “bought” another window of survival for the company. Thuan’s recommendation is to understand that a rewrite simply means a company is outrunning its existing architecture: this is not necessarily a bad thing! 3. Uber is the only major company that had a “Senior 1” and “Senior 2” level – and Thuan is unapologetic. Thuan introduced the Senior 1 (L5A) and Senior 2 (L5B) levels because the jump from senior (L5) to Staff (L6) became very big, and larger than between previous levels. One problem this split level created was that Uber’s L5B was akin to Google’s and Facebook’s L6/E6. Thuan resisted the title inflation of just renaming L5B to ‘Staff’.
-
Software development has shifted. It’s no longer just human-centric; it’s agent-driven. To help you scale your AI code output without collapsing under technical debt, we're launching three new Open Betas to support the Agent Centric Development Cycle: 🤖 Sonar Context Augmentation: Injects real-time, project-specific context from SonarQube directly into your AI agent's workflow before it writes a single line of code. Your standards, your architecture, your constraints — surfaced at the right moment, not dumped all at once. ⚙️ SonarQube Agentic Analysis: Brings Sonar's trusted analysis engine directly into the agent's generation loop, verifying code meets your functional, non-functional, and compliance standards in real time. ✅ SonarQube Remediation Agent: Generates verified, ready-to-review PRs the moment SonarQube flags something, and works through your existing backlog systematically — one PR at a time, on your team's terms. Together, they form one continuous, self-improving loop. Read the full story on how they work together: https://bit.ly/4cfqAAp
-
AI writes the code 🤝 SonarQube makes sure it's right. This is the maturity shift happening in software development right now — we're moving beyond asking LLMs to write code and hoping for the best, toward binding AI agents to a governance contract. The SonarQube MCP Server makes that possible. Paired with Claude Opus 4.6, it gives your AI agent direct access to real-time SonarQube data, so it addresses the specific issues blocking your quality gate — not its best guess at what might be wrong. Coverage is treated as a requirement, not an afterthought. And the fix is verified locally before it ever reaches CI. Check out our step-by-step guide so you can set this up in your own projects today: https://bit.ly/4m2NZsr
-
Your dependencies called. They want to know if you've verified them lately. In an era where teams use AI to rapidly prototype and build, generating code at speed only adds value if that code is trustworthy. SonarQube Advanced Security makes that achievable — with malicious package detection integrated directly into your CI/CD pipeline, automatically comparing dependencies against constantly updated lists of known malicious software, with real-time feedback the moment a risky dependency is introduced and quality gate enforcement to fail pipelines automatically if anything is flagged. Keep the speed. Keep the trust. See how 👇 https://bit.ly/4uUc2h1
-
SonarQube Server 2026.2 is here. 🚀 This release is built for teams who need to move fast without compromising on code quality or security — and it's packed with updates that matter: 🤖 Model-agnostic AI CodeFix: Intelligent remediation suggestions directly in your self-managed environment — no source code leaving your firewall, no exposure to public LLMs. 🌐 Expanded language & framework support: Java 25, FastAPI, Flask, Django, Groovy, and enhanced Apex — including new rules purpose-built to catch the subtle bugs AI coding assistants introduce. 🔒 Unified security reporting: SCA data, SBOM, and first-party code health together in one report — a complete picture of your codebase and software supply chain risk. Update your instance today, or talk to us about migrating to SonarQube Cloud for automatic updates and the same enterprise capabilities. 👇 https://bit.ly/4sBUwg2
-
brb, moving into the Wiz House at #RSAC2026 🏠 Looking for afternoon plans? Don't miss our 3pm session on the Agent Centric Development Cycle ⚡ Hear from Sonar VP Donald Fischer on how to build a secure development process using agents, and the critical partnerships and integrations you need to innovate freely while reducing technical debt.