
TL;DR: Sonar, a leader in code quality and security, just released two game-changing AI capabilities: AI Code Assurance and AI CodeFix. Tariq Shaukat, Sonar’s CEO, and Fabrice Bellingard, VP of Product, reveal how these innovations help developers write cleaner, more secure code in less time. But as AI transforms the coding landscape, there’s one burning question: Will this tech live up to the hype? (Spoiler alert: Yes.)
Did you know the earliest instance of recorded writing dates back to 3,500 BC in Mesopotamia? This ancient writing system is called cuneiform, which involved a clay tablet and a reed stylus.
Ancient Sumerians recorded everything on these tablets, including private messages and even epic poems. One such poem is the “Epic of Gilgamesh,” which tells the story of King Gilgamesh and his friend Enkidu’s adventures.
As one of the oldest pieces of literature, it was written by hand with a stylus in soft clay, which was then left out in the sun to harden. Imagine how long it must have taken to finish a story like that — and don’t even think about making extra copies. The tablet probably had to be passed around like the last copy of a library book.
But when you compare it to today’s tech, it’s amazing that ancient humans managed to start with the cuneiform system at all. From the days of writing on clay tablets to now being able to use Bluetooth printers from the comfort of our own homes, the evolution of how we share information is…well, kind of mind-blowing.
This evolution reminds me of computers — the first commercially used computer was released in 1945, prompting the creation soon after of a plethora of new jobs, including the job of computer programmer. By the 1960s, these programmers were everywhere, and their numbers have only multiplied in the decades since.
But back then, coding was done with punch cards, and developers had to debug every single line manually. Today, we’re able to keep up with the demands thanks to more accessible programming languages (PLs) and much, much faster coding capabilities.
Sonar is a company we’ve talked about before, and I’m really fascinated by it because of its mission: to help improve the quality and security of all code while delivering an improved developer experience. (It’s like the modern equivalent of digital printing when you think about how the ancient Sumerians painstakingly wrote the “Epic of Gilgamesh.”)

In Q4, Sonar launched two new capabilities available in SonarQube Server and SonarQube Cloud: AI Code Assurance and AI CodeFix. Tariq Shaukat, the CEO of Sonar, said with the rise of AI-generated code, there have been a lot of issues in the review stages.
“AI-generated code needs review by developers, but accountability for doing this is increasingly diluted. As a result, we’re seeing the review step frequently being shortchanged,” he explained.
We recently spoke with Tariq, as well as the VP of Product, Fabrice Bellingard, about how these new tools are designed to further Sonar’s commitment to helping developers increase their productivity and deliver high-quality and secure code.
A New Era of Coding
After our last interview, I talked with a friend who uses Sonar for work. He had nothing but good things to say about it — noting the quality gates were one of his favorite features — including how handy it is to check pull requests for each project.
If you need a refresher, no worries. As a software company, Sonar’s focused on enabling developers and organizations to have confidence that all code (AI-generated or human-written) is consistent, intentional, adaptable, and responsible.
“AI is transforming the way developers work, streamlining processes, and reducing the toil associated with writing code,” Tariq said. “As the adoption of AI coding assistants grows, however, we are seeing a new issue emerge: code accountability.”
Sonar helps developers keep accountability with these solutions:
- SonarQube Server: Acting like a bodyguard, SonarQube continuously checks your code for bugs, security issues, and unclean code (AKA “code smells”). It works with more than 30 programming languages, so no matter the language, you know no issues will ever make it to production. Plus, you can also create custom rules and quality standards.
- SonarQube Cloud: As SonarQube Server’s cloud-based counterpart, SonarQube Cloud analyzes your code for quality and security issues in real time. One of the best parts is you can integrate it easily with your favorite DevOps platforms, such as GitHub or GitLab. Since it’s managed in the cloud, there’s also no need to worry about setting up or maintaining any infrastructure — just focus on your code.
- SonarQube for IDE: SonarQube for IDE works like a spell-checker for your code, giving you instant feedback on potential issues as you type. (It’s like how your Word doc flags you for grammar mistakes or misspellings.) Plus, you can sync SonarQube for IDE with SonarQube Server or Cloud, so everyone’s working by the same coding standards.
Whether your code is AI-generated, you wrote it yourself, or you know a guy who did it for you, Sonar can quality-check every part of it.
Although the platform has only been around since 2008, it’s used by more than 7 million developers across 400,000 global organizations, including the Department of Defense, Microsoft, NASA, and MasterCard.
With that in mind, I guess it comes as no surprise that it recently announced two small yet mighty additions to SonarQube Server and SonarQube Cloud: AI Code Assurance and AI CodeFix.
If you’re one of the many who feel a bit unsure about adding AI to your workflow, I totally get it — and so does Sonar. But what usually gets me on board is seeing whether a certain approach is worth it. And the best way to find out? Studies.
So, here’s one for you: a McKinsey report shows that developers using generative AI in their workflows are “twice as likely to report overall happiness, fulfillment, and a state of flow” compared to those who don’t. (And, from my own mini-study, I can tell you my dev friend is on board with this too.)
But of course, you may not know these tools yet, so I won’t push them on you.
Actually, I think they’ll sell themselves.
Your Developer’s New Best Friend
Sonar’s AI Code Assurance basically enables developers and organizations to have confidence and trust that projects using AI tools to generate code are meeting high standards of quality and security.
With Sonar’s comprehensive code analysis, AI Code Assurance ensures that AI-generated code passes a strict quality gate to prevent any new code quality or security issues from slipping into production.

“With AI Code Assurance, we’re helping organizations ensure that AI-written code receives the high level of quality and security review that you would expect from your developers,” explained Tariq.
Here’s what else you can do with Code Assurance:
- Tag projects that contain AI-generated code so you can be sure they get a fully vetted analysis through the Sonar workflow.
- Set up quality gates for all AI-generated code to make sure all code is meeting your organization’s strict quality and security requirements before it even gets close to production. You’ll know which projects have passed the quality gate by an approved badge, which only appears on projects that have gone through Sonar analysis.
AI Code Assurance is available on SonarQube Server and SonarQube Cloud.
Speeding Up Solutions for Faster Deployment
Next on the list is AI CodeFix.
While AI Code Assurance focuses on maintaining the code standards for quality and security, AI CodeFix is more in the weeds: It provides one-click AI-powered fix recommendations for issues detected by Sonar’s precise static code analysis, so time to market is just that much faster (and with fewer steps).

“Rather than switching between solutions or manual efforts, we’re putting remediation options for Sonar-identified issues right in front of the people working on them – and giving them the ability to fix the issues in an instant,” Fabrice explained.
Here’s how it works: Easily spot and fix code issues using a built-in set of rules and best practices from Sonar. And with one click, you can generate solutions — whether you’re using SonarQube Server or SonarQube Cloud.
Here’s exactly what AI CodeFix can do:
- Forget about manual debugging and rejoice for no more wasted time; with AI CodeFix, you can automatically generate code fix suggestions and apply them after reviewing them. How, you ask? The tool leverages large language models (LLMs) and has been trained to understand code context and provide relevant fixes.
- Integrate with SonarQube Server or SonarQube Cloud through SonarQube for IDE’s connected mode. (SonarQube for IDE is the solution that provides instant real-time analysis of your code as you write it.) In connected mode, AI CodeFix allows developers to fix issues directly inside the IDE, ensuring a smooth workflow. This mode synchronizes rules and settings so you can be sure you’re maintaining consistency across the board, no matter where you are in the CI/CD pipeline.
“We’re excited to see how our users adopt this capability and better understand how we can further integrate AI into our solutions to improve the developer experience,” said Fabrice.
AI CodeFix is currently available for early access in SonarQube Server Enterprise Edition, SonarQube Server Data Center Edition, and SonarQube Cloud Team and Enterprise plans.