AI code quality startup Sonar buys AI code review startup Gitar

Automated code quality and security heavyweight SonarSource Sàrl said today it’s buying a rival startup called Gitar Inc. that specializes in artificial intelligence-native code reviews.

According to Sonar, the plan is to integrate Gitar’s advanced reasoning capabilities into its broader code verification engine. This will provide DevOps teams that are increasingly relying on autonomous AI agents to do the grunt work with a more comprehensive safety net.

More safeguards will be welcomed by enterprises, which have eagerly embraced the so-called vibe coding trend in order to keep up with their competitors. With the adoption of AI coding tools, human programmers have become more like coordinators and supervisors, prompting AI models and checking their work.

However, tools such as Cursor, Claude Code, Devin and GitHub Copilot have been churning out so much AI-generated code that few teams can keep up with them. That’s dangerous, because these models are still prone to hallucinations, which can lead to bad code that contains vulnerabilities and errors that bring down applications.

Gitar was established to try and prevent this. Founded by former Uber Technologies Inc. software engineers Ali-Reza Adl-Tabatabai and Gautam Korlam, the startup has built a kind of quality control platform for AI code. Whereas other tools simply try to flag errors, Gitar goes a step further and automatically fixes bugs and continuous integration failures within pull requests. It acts like an automated code reviewer that proactively corrects any errors it finds, before they reach production environments.

Gitar’s tech should fit nicely with Sonar, which is best known for SonarQube, a “zero-trust” code verification platform. Used by more than 755 of the Fortune 500, SonarQube is designed to ensure that application code is kept clean and secure. By acquiring Gitar, Sonar is evolving this platform and moving from static analysis toward agentic reasoning.

Sonar Chief Executive Tariq Shaukat said organizations have become obsessed with finding ways to increase software outputs without breaking things. With the practice of vibe coding now a staple among large enterprises, he believes that the time has come for another shift, and a focus on greater code governance. The biggest bottleneck for DevOps teams is no longer how fast they can create new code, but how far that code can be trusted.

“Enterprises will have a unified platform that brings together the best of AI code review and the most comprehensive verification engine in the market, providing the highest level of assurance whether you’re using Claude Code, Cursor, Codex, Devin or GitHub Copilot,” he promised.

Gitar CEO Adl-Tabatabai said his company ignored the temptation to build its own coding bots to focus on the much harder problem of code validation. “We saw firsthand what happens when development velocity outpaces code quality, and AI has only made that problem an order of magnitude bigger,” he explained.

Once Gitar’s technology is integrated with SonarQube, customers will be able to analyze the syntax, data flows, logic flows, control flows, architectures and dependencies in their databases, Shaukat explained. In addition, they’ll be able to set and enforce their own quality standards in a more accurate, consistent, repeatable and auditable way. Finally, they’ll be able to use AI agents to automatically fix any problems that show up, even while their coding agents accelerate the production of AI-generated software.

Organizations will be able to move away from the cascade of noisy signals and complex overheads they currently endure, and achieve greater productivity with vastly improved software quality, all while reducing the costs associated with AI coding bots, Shaukat added.

Image: Sonar