Exciting news! Through its acquisition of Tidelift, Sonar enhances its existing security capabilities by extending coverage to open-source software, which makes up over 90% of modern software. 

The maintainers of thousands of the most popular open source packages get paid by Tidelift to implement industry-leading secure software development practices and document the practices they follow.

The combined Sonar and Tidelift solution provides end-to-end code security and quality management, covering:

• Reduce security risk by eliminating attack entry points through bad packages
• Improve productivity by reducing vulnerability fire drills from insecure or undermaintained packages
• Improve application quality by building with healthy and resilient open source packages
• Increase operational efficiency by saving costly manual package evaluation time

This ensures a comprehensive approach to managing software supply chain risks and improving code quality. Grab some time with our team and we’ll show you how it works!