Sonar (company)

Sonar is a Swiss company founded in 2008. It develops open source software and commercial software for continuous code quality and code security.

Sonar

Industry	Software development
Founded	2008[1]
Founder	Olivier Gaudin Freddy Mallet Simon Brandhof
Headquarters	Geneva , Switzerland
Area served	Worldwide
Products	SonarQube Server SonarQube Cloud SonarQube for IDE
Website	Official website

Overview

Sonar is a company that develops open source software and commercial software for continuous code quality and security. Founded by Olivier Gaudin, Freddy Mallet, and Simon Brandhof in 2008, Sonar is headquartered in Geneva, Switzerland.^{[2][3][4][5][6][7][8]}

In 2017, they had more than 6,000 customers, including eBay, Bank of America, BMW.^[8]

As of 2025, Sonar has more than 28,000 enterprise customers, including 75% of Fortune 100 companies.^[9]

History

In 2008, Sonar was co-founded in Geneva by Olivier Gaudin, Freddy Mallet, and Simon Brandhof to assist developers in preventing code quality and security issues from ever reaching production.^[10] By 2010, Sonar’s open source project was averaging over 2,000 downloads per month.^[11]

In 2015, after releasing more plugins and software including SonarCloud (which analyzes open source projects) and SonarLint (an integrated developer environment extension for static analysis), Sonar expanded the scope of its analyzers to cover standards that encompass maintainability, reliability and security.^[11] In November 2016, Sonar raised a $45 million minority investment from Insight Venture Partners.^[12]

In 2018, Sonar opened an office in Austin as its U.S. base.^[10]

In April 2022, Sonar raised a $412 million round that values its platform at $4.7 billion. The round was led by new investors Advent International and General Catalyst. Permira and existing investor Insight Partners also participated in the round. It created an APACregional headquarters in Singapore in September 2022.^[13]

In February 2023, Sonar released SonarQube 9.9 Long-Term Support (LTS) to help organizations maintain their code with pull request analysis, as well as support for building and activating secure cloud-native applications. The LTS delivered in-depth analysis capabilities to discover code ‘secrets’ and added support for AWS, Google Cloud, and Microsoft Azure, along with their underlying software, which have serverless and SAM frameworks.^[14]

Sonar added static application security testing (SAST) in August 2023 that enables developers to automatically detect and fix security vulnerabilities.^[15] Through the same, developers are able to troubleshoot problems that occur between their source code and open-source libraries, which involves "fine-grained analysis".^[16]

Tariq Shakuat joined the Sonar as co-CEO and as a member of the board of directors on September 12, 2023.^[17]

In December 2023, Sonar added secrets detection to its tools for analyzing code and DevOps workflows—SonarQube Server (formerly SonarQube), SonarQube Cloud (formerly SonarCloud), and SonarQube for IDE (formerly SonarLint).^[18]

Clarissa O'Connell joined Sonar in January 2024 as the Chief Human Resources Officer.^[19] In May 2024, Sonar appointed Lynne Doherty as president of field operations.^[20] Shortly afterward, SonarQube was made available on Google Cloud Marketplace.^[21]

Sonar announced Enterprise and Team plans in August 2024 for its SaaS solution SonarQube Cloud.^[22] In October 2024, Sonar released two AI capabilities—AI Code Assurance and AI CodeFix—which support software development with generative AI to ensure quality and security.^[23]

Through its acquisition of AutoCodeRover, Sonar expanded its Singapore presence with a R&D Center to allow for collaboration with Asia-based research institutions, such as the National University of Singapore computing faculty, in February 2025.^[24]

Sonar released early access of SonarQube Advanced Security in March 2025, which adds third-party open source code. Features include software composition analysis (SCA) and advanced static application security testing (SAST).^[25] Sonar hired two new executives in the same month, Eyal Ben David as Chief Legal Officer and General Counsel, and Jean Compeau as Chief Financial Officer.^[26]

Acquisitions

In May 2020, Sonar acquired code security testing company RIPS Technology to work together on the development of Static Application Security Testing (SAST) tools, which gives developers a tool to improve their software security.^[27]

In October 2024, Sonar acquired Structure101, which focused on code structure analysis. By merging Structure101 into Sonar's SonarQubeServer and SonarQube Cloud, the latter came to enable the identification of potential structural issues as code is written, not in later review cycles.^[28]

In December 2024, Sonar agreed to acquire Tidelift to gain access to third-party open-source code for integration into its static code analysis tools.^[29]

Sonar acquired AutoCodeRover in February 2025 to integrate agentic AI into enterprise software development. AutoCodeRover is an AI agent for program improvement that analyzes existing codebases using abstract syntax trees, in addition to combining large language models with fault localization techniques developed by NUS researchers.^[24]

Products

Sonar provides code quality and code security products to detect maintainability, reliability and vulnerability issues on 30+ programming languages including Python, Java, C#, JavaScript, C/C++, and COBOL,^[30][31] as well as well as frameworks, and infrastructure technologies, with over 6,000 rules, including taint analysis for security.^[32] It integrates with DevOp platforms, including GitHub, Bitbucket, Azure, and GitLab.

The company offers three products: SonarQube Server, SonarQube Cloud, and SonarQube for IDE.^[33]

SonarQube Server is an open core self-hosted code quality and security solution that integrates into developers' enterprise environment.^[34] SonarQube Server revolves around correcting and preventing code errors at the start of the development process.^[35]

SonarQube Cloud is a SaaS solution that focuses on increasing the quality and security of both human-developed and AI-assisted code.^[36] It is an open source analysis solution and code review tool that integrates into cloud DevOps platforms and extends CI/CD workflow.^[37][38]

SonarQube for IDE is an integrated developer environment extension for static analysis that allows for organizations to find and fix errors in real-time. SonarQube provides contextual suggestions on how to fix these issues as well.^[39]

Financial backing

In 2016, the company raised US$45 million of funding from Insight Venture Partners, a US investment firm.^{[8][6][7][40]} In 2022, Sonar received with CHF 394.6 million the second largest venture capital financing round of Switzerland of that year.^[1]

See also

• Open-source software
• Static program analysis
• Software development
• Source code editor