Recently, there have been many changes in Sonar and new tools have been added – so we thought we’d take a moment to clear things up and explain what the current SonarQube offering is,
as well as what our added value is as their representatives (and of additional development utility tools). We are writing briefly here about each existing product/solution, and I would be happy to elaborate further as needed.
1) SonarQube Server – The long-standing and well-known product:
Static code analysis to improve code quality and enhance code security,
measure code complexity, and reduce technical debt.
The product supports over 35 programming languages and frameworks.
It also supports code generated by AI and can fix code bugs using AI. It is available in several editions and options.
Our detailed explanation can be found here and you can also receive a detailed comparison table of all editions from us.
2) This product can be extended with “Advanced Security“, which includes identifying vulnerabilities in libraries and third-party code, obtaining SBOMs, and more. Our detailed article regarding these capabilities can be read here.
3) These capabilities are also available as a SaaS / SonarCloud (public cloud),
and there is also another option which is sometimes considered the best of breed – a combination of managed self-hosted (in a private cloud),
allowing us to provide you with a managed solution that we maintain for you.
For more details, you can contact us (details below).
4) A few weeks ago, Sonar acquired Gitar AI – a tool that performs smart Code Review using AI
and essentially solving the bottleneck currently created by AI-written code.
More information and demonstrations can be seen here.
For more details on licensing and pricing, you can contact us (details below).
(The product is offered as a separate paid license, even if you do not have an active Sonar instance).
5) There is a tool called Sonar CLI, which has now officially reached General Availability (GA). This tool also serves as an MCP Server. It is a free, open-source tool that connects to your SonarQube environment and can help you implement development processes and automations, including AI and agent integration. Note that to get the most out of it, it is recommended to use the commercial editions, which include more analyzers and scanners, and more capabilities available for use through the CLI. More details here
6) We would like to mention that we also offer extensive knowledge in Sonar through our professional team, assisting with consulting, installations, secure code, integration into development processes,
building HA solutions, connecting to complementary tools such as git, Jenkins, artifacts, Docker, Kubernetes, Jira,
and connecting to dashboards and other security tools.
Additionally, there will soon be more tools from the vendor, such as SonarSweep which is designed to improve existing models –
stay tuned for our updates.
We are the only official representatives of Sonar in Israel.
For more details, contact us: sonar@almtoolbox.com or call us: 866-503-1471 (USA / Canada) or +31 85 064 4633
Relevant Links:
- Webinar recording reviewing Sonar (Hebrew)
- Our Israeli content site on Sonar (Hebrew)
