Sonar Acquires Gitar for AI Code Review
Sonar bought Gitar to add AI code review to SonarQube, pairing review with verification for agent-written code across CI workflows.

Sonar acquired Gitar to add AI code review to its code verification platform.
Sonar said on May 21, 2026, that it acquired Gitar, the AI-native code review platform, and will fold it into SonarQube. The deal adds AI review to Sonar’s verification stack for code written by agents and humans, with support for CI workflows and policy checks.
| Item | Value |
|---|---|
| Announcement date | May 21, 2026 |
| Developers using SonarQube | 7 million |
| Fortune 100 coverage | 75%+ |
| Outage risk reduction | 44% less likely |
| Token usage reduction | Up to 8% |
What changed
Sonar says Gitar will extend its platform from verification into review, so teams can inspect code as agents write it and before it lands in the codebase. The company says the combined product will analyze syntax, data flow, logic flow, control flow, architecture, and dependencies, then surface issues in a format developers can act on.

Gitar will remain available as a standalone product, and existing customers are not expected to see changes. Sonar also said Gitar will be sold alongside SonarQube and SonarQube Advanced Security. The acquired team includes Ali-Reza Adl-Tabatabai and Gautam Korlam, who will join Sonar and lead Gitar’s development.
- Sonar says more than 75% of the Fortune 100 and 7 million developers use SonarQube.
- It claims teams using Sonar are 44% less likely to suffer outages from AI-generated code.
- Sonar says cleaned codebases can cut AI agent token usage by up to 8%.
- The company will demo the combined offering on June 11, 2026.
Why it matters
The acquisition reflects a shift in enterprise AI adoption: companies are no longer just asking how to generate code faster, but how to verify it before it causes defects, outages, or security issues. For developers, that means one workflow for review, policy enforcement, and remediation instead of separate tools for generation and quality control.

It also gives Sonar a clearer pitch to teams using Claude Code, Cursor, Codex, Devin, or GitHub Copilot. If the integration works as promised, Sonar can position itself as the gatekeeper between agent output and production code, which could matter for regulated companies and large engineering orgs that need audit trails and repeatable checks.
The key question now is whether AI code review becomes a must-have layer in the agentic stack, or whether teams will keep treating review and verification as separate jobs.