At Sonar, we take security extremely seriously. Our security and governance program actively focuses on the security and privacy of your data and software. We continuously assess and improve our controls and associated processes by driving priorities through the ISO 27001 Information Security Management Framework. Plus, we are now fully engaged in obtaining a SOC 2 Type 1 report by Q2 and Type 2 by Q4 2024.

External pen tests are performed for each of our products and platforms at least twice a year, depending on LTS deployment. Summary reports are available below.

SonarQube is also certified for Iron Bank. Iron Bank is the US Department of Defense repository of digitally signed, binary container images that have been hardened according to their Container Hardening Guide.

Visit us at: Sonarsource.com

Email vulnerability disclosures to: security@sonarsource.com