Analysis evidence from SonarQube now available in JFrog AppTrust
Blog post from Sonar
Sonar and JFrog have formed a strategic partnership to address the engineering productivity paradox, where development teams must balance rapid innovation with strict security and compliance demands. This collaboration integrates SonarQube's automated code review with JFrog's AppTrust governance platform to create a comprehensive 'code-to-deploy' solution for the software development lifecycle (SDLC). By combining SonarQube's code quality and security insights with JFrog Artifactory's artifact management, the partnership aims to eliminate manual processes and streamline workflows, providing a unified source of truth for software quality and compliance. The SonarQube-AppTrust integration offers automated governance through cryptographically signed evidence of code quality, directly linking that evidence to the software artifacts it describes in JFrog Artifactory. This approach enhances pipeline reliability, accelerates development processes, and automates compliance, allowing developers to focus on innovation while maintaining rigorous security standards. The integration is now available for Enterprise plans of SonarQube Cloud, with support for SonarQube Server planned, positioning this alliance as a future-proof platform for evolving software development needs.