How Freshworks Scales Shift-Left Security with SonarQube | Sonar Summit 2026

Description

How do organizations scale shift-left security across thousands of developers? In this Sonar Summit 2026 fireside chat, engineering leaders from Freshworks and Sonar discuss how Freshworks empowers more than 1,500 developers to maintain high standards for code quality and security while accelerating development with AI-assisted workflows. As AI assistants increase the volume of code entering repositories, the bottleneck has shifted from code generation to verification and quality assurance. Freshworks addressed this challenge by embedding SonarQube directly into the developer workflow and enabling early detection of bugs, vulnerabilities, and code smells. In this session, you’ll learn: - How Freshworks implemented shift-left DevSecOps across a large engineering organization - How integrating SonarQube into the IDE enables real-time code quality and security checks - How AI-augmented remediation helps developers fix issues faster - How automated static analysis reduces technical debt and manual review overhead - How organizations can scale secure coding practices across distributed teams Discover how Freshworks built an AI-augmented developer workflow that allows teams to move faster while maintaining strong standards for application security, software quality, and reliability. Timestamps: 00:00 — Introduction 00:17 — Welcome and Freshworks DevOps Platform Team 00:46 — Freshworks Platform Overview and Engineering Scale 01:40 — Platform Role: CI/CD Pipelines, Kubernetes, and Governance 02:03 — Moving to a Paved-Path Developer Platform 02:28 — Making Code Quality the Platform Default at Scale 02:45 — Improving Developer Productivity with AI Coding Copilots 03:44 — Developer Buy-In for Platform Guardrails and Standards 04:06 — Making the Secure Path the Easiest Path for Developers 04:41 — Embedding Sonar Code Analysis in Standard CI Templates 05:06 — Secrets Detection and Early Security Checks in CI/CD 05:23 — AI Code Quality Assurance and Portfolio Visibility 06:14 — AI CodeFix: Contextual Code Remediation in the Developer Workflow 06:38 — Outcomes: Faster Code Validation and Fewer Software Defects 07:07 — Shifting Security Earlier in the Developer Workflow 07:42 — Developer-First Onboarding with Preconfigured Sonar Setup 08:32 — Pull Request Feedback Loops: Why They Matter and How to Fix Issues 09:07 — Leadership and Business Units Consuming Engineering Metrics 09:41 — Engineering KPIs Reported to Leadership 09:51 — Key Metrics: Platform Adoption, Developer Velocity, Business Confidence 11:01 — Velocity Metrics: Lead Time, Deployment Frequency, Change Failure Rate 12:06 — Business Metrics: Release Visibility and Audit-Ready Traceability 13:11 — AI Adoption: Coding Tools and Quality Control Practices 13:42 — AI Developer Tools: Cursor, GitHub Copilot, and More 14:44 — Intelligent Scale: Automated Code Validation and Guided Remediation 16:07 — Platform Guardrails vs AI Adoption Sequencing 16:32 — Parallel Rollout of Guardrails with New AI Platform Features 17:49 — Tracking AI Usage Signals and Developer Improvement Areas 19:24 — Internal AI Agents for Code Review and Implementation 20:02 — Guardrails Increasing Confidence in Shipping AI-Generated Code 21:17 — Closing: Treating Code Quality as a Platform Capability #SonarSummit #ShiftLeftSecurity #DevSecOps #ApplicationSecurity #SoftwareQuality