At Sonar, we take security extremely seriously. Our security and governance program actively focuses on the security and privacy of your data and software. We continuously assess and improve our controls and associated processes. We are certified against the ISO 27001:2022 Information Security Management Framework and maintain a SOC 2 Type II attestation for the Security, Confidentiality, and Availability Trust Services Criteria (TSCs).
External pen tests are performed for each of our products and platforms at least twice a year, depending on LTS deployment. Summary reports are available below.
SonarQube is also certified for Iron Bank. Iron Bank is the US Department of Defense repository of digitally signed, binary container images that have been hardened according to their Container Hardening Guide.
Visit us at:
Sonarsource.com