SonarQube Hunter Agent: Enterprise Alpha Invitation

Hello,

We are starting an alpha testing program for our new tool: the SonarQube Hunter Agent (SQHA). As an Enterprise customer, you are invited to participate.

What is the SonarQube Hunter Agent?

SQHA uses AI-driven instructions (called Playbooks) to reason through code logic. This allows it to find deep security flaws that regular static analysis misses.

The agent currently focuses on backend vulnerabilities, including:

  • Broken Access Control and IDOR (Insecure Direct Object Reference)
  • Business Logic Flaws
  • Authentication & Session Management issues

During internal testing, this agent discovered 200 new security flaws (zero-days) in popular open-source projects. We are currently disclosing these ethically.

Alpha Requirements

To participate, you must test the tool on production backend code. Your environment must meet the following criteria:

  • Platform: SonarQube Cloud Enterprise account (we require your organization key to activate the feature).
  • SCM: GitHub or GitLab.
  • Languages: Language-agnostic (primarily tested on Java and Python so far).

Benefits of Participation

  • Early Access: Detect advanced vulnerabilities in your code repositories at no cost. This will be a paid feature upon general release.
  • Product Influence: Your feedback will directly shape the development of the tool.

Feedback Objectives

During this test, we aim to evaluate three areas:

  1. Does the agent find critical security issues in your private code?
  2. Is the running speed acceptable for your workflow?
  3. Is the operational cost acceptable?

To join the alpha program, reply to this post with :+1: and I’ll get in touch with you for the details.

Alex