
Sonar Acquires Gitar to Unify AI Code Review and Verification


by: PR Newswire | May 22, 2026

Sonar, the global leader in AI code verification and governance, has acquired Gitar, an AI-native code review platform, in a move designed to deliver a unified solution spanning the full lifecycle of AI-generated code, from the moment an agent begins writing to the moment that code lands in the codebase. The acquisition brings together Sonar's industry-leading verification engine with Gitar's intelligent code review capabilities, creating what the company positions as the most comprehensive platform for ensuring quality, security, and architectural integrity in the agentic development era.

Quick Intel

  • Sonar has acquired Gitar, an AI-native code review platform, to deliver unified AI code review and verification through its SonarQube platform.
  • More than 75% of the Fortune 100 and 7 million developers rely on SonarQube; teams using Sonar are 44% less likely to experience outages caused by AI-generated code.
  • Gitar is led by Ali-Reza Adl-Tabatabai and Gautam Korlam, veterans of Uber, Google, and Meta, both of whom will join Sonar to lead Gitar's continued development.
  • Gitar will remain available as a standalone product with no impact to existing customers, and will also be available alongside SonarQube and SonarQube Advanced Security.
  • The acquisition is part of Sonar's broader Agent Centric Development Cycle methodology, supported by nine new products and features launched over the past twelve months.
  • Sonar's combined platform enables enterprises to analyze, enforce standards, agentically fix issues, and verify code in real time across tools including Claude Code, Cursor, Codex, Devin, and GitHub Copilot.

The Strategic Case for Unifying Code Review and Verification

Enterprise AI adoption has introduced a paradox: the faster development teams ship code with the help of AI agents, the greater the risk that quality, security, and architectural standards erode at scale. Sonar's acquisition of Gitar is a direct response to this dynamic, bringing together two complementary capabilities that have until now operated as separate concerns in the agentic development workflow.

SonarQube, Sonar's flagship verification platform, is already deeply embedded in enterprise development operations, with more than 75% of the Fortune 100 and 7 million developers relying on it to ensure the quality, security, and architectural integrity of AI-generated code. The platform's impact is quantifiable: teams using Sonar are 44% less likely to experience outages caused by AI-generated code, and codebases cleaned by SonarQube reduce AI agent token usage by up to 8%. Gitar adds AI-native code review to this foundation, specifically targeting the post-generation stage to provide intelligent fixes and reduce manual review overhead within GitHub and GitLab pull request workflows.

"Enterprise adoption of AI depends on strong verification of agentic output. Right now, every enterprise is asking the same question: 'How do we move fast with AI without breaking things?' Now, enterprises will have a unified platform that brings together the best of AI code review and the most comprehensive verification engine in the market, providing the highest level of assurance whether you're using Claude Code, Cursor, Codex, Devin, or GitHub Copilot," said Tariq Shaukat, CEO at Sonar.

Gitar's Leadership Brings Proven Platform-Scale Engineering Experience

Gitar was founded and led by Ali-Reza Adl-Tabatabai, a veteran of Uber, Google, and Meta, alongside Gautam Korlam, who together played central roles in building Uber's centralized developer platform. Both will join Sonar and take responsibility for leading the continued development of the Gitar platform, ensuring that the product's engineering direction and customer relationships remain intact through and beyond the transition.

"While the market chased AI code generation, we focused on the harder problem: validating it. We built Gitar because we saw firsthand what happens when development velocity outpaces code quality. AI has made that problem an order of magnitude bigger. We're deeply proud of what we've built at Gitar, and excited to bring that work into Sonar. Together, we'll deliver the greatest, unbeatable verification platform for the agentic era," said Ali-Reza Adl-Tabatabai, CEO at Gitar.

Existing Gitar customers will experience no disruption to their current workflows. The platform will continue to be available as a standalone product and will also be offered in combination with SonarQube and SonarQube Advanced Security.

A Unified Platform for the Full Agentic Development Lifecycle

With Gitar integrated into its offering, Sonar customers gain the ability to analyze syntax, data flows, logic flows, control flows, architectures, and dependencies across their codebase; set and enforce their own standards in an accurate, consistent, repeatable, and auditable manner; agentically fix identified issues; and do all of this both as agents are writing code and within continuous integration workflows. The combined platform is designed to replace fragmented, noisy signals and complex operational overhead with clear, actionable outcomes that improve software quality, increase delivery confidence, and reduce agentic coding time and token costs.

Nine New Capabilities Reflect a Year of Sustained Investment in Agentic Development

The Gitar acquisition is the latest in a sequence of product expansions under Sonar's Agent Centric Development Cycle methodology, which frames a systematic approach to ensuring AI agents operate in a trustworthy, consistent, and transparent way. Over the past twelve months, Sonar has introduced a series of new products and features that collectively extend its verification platform across the full agentic development stack:

  • SonarQube Advanced Security extends verification to the software supply chain through dependency-aware advanced static application security testing and software composition analysis.
  • SonarQube Agentic Analysis enables AI agents to check their own work against an organization's quality standards in real time, preventing issues from compounding through subsequent reasoning tasks.
  • SonarQube Architecture enforces rigorous architectural standards for both agents and developers, ensuring AI-generated code integrates cleanly with existing systems.
  • SonarQube MCP Server connects AI agents to SonarQube's analysis engine in real time across tools including Claude Code, GitHub Copilot, Cursor, and Devin.
  • SonarQube CLI provides a command-line interface for agentic environments, scanning AI-generated code in real time and intercepting session tokens, API keys, and sensitive credentials before they reach an LLM provider.
  • SonarQube Plugin for Claude Code delivers Sonar's full verification analysis directly within Anthropic's Claude Code as a single installable unit.
  • SonarQube Remediation Agent delivers verified fixes for identified issues, closing the loop from detection to resolution.
  • Sonar Context Augmentation equips AI agents with the right context, guardrails, and organizational standards before a line of code is written, with measurable improvements in test pass rates.
  • SonarSweep embeds enterprise context directly into fine-tuned models, reducing security vulnerabilities in LLM outputs by up to 67% by correcting code at the source before verification is needed.

The acquisition of Gitar and the broader product expansion it accompanies reflect a maturing understanding of what enterprise AI adoption actually requires in practice. Speed of generation has never been the bottleneck; the bottleneck has always been confidence that what is generated is safe, correct, and architecturally sound. Sonar's unified platform addresses that gap directly, and with Gitar's code review capabilities now integrated into the verification engine, enterprises have a more complete answer to the question of how to scale agentic development without accumulating technical and security debt in the process.

About Gitar

Gitar is an AI-powered code review and validation platform designed to automatically fix code, bugs, and CI failures within GitHub/GitLab pull requests. Targeted at the post-generation stage, it acts as an agentic quality gate, providing intelligent fixes and reducing manual review overhead for software teams.

About Sonar

Sonar, the global leader in AI code verification and governance, helps reduce outages, improve security, and lower costs and risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at Nvidia, ServiceNow, Booking.com, Goldman Sachs, AstraZeneca, and Ford Motor Company.
