Sonar this week revealed it has added an ability to analyze the architecture of a software application to its SonarQube tool for analyzing code quality.

Available in beta and scheduled to be made generally available in the first quarter, the addition to SonarQube promises to make it simpler to understand the actual structure of an application versus what might have been initially intended.

Sonar chairman and founder Olivier Gaudin said that capability plays a critical role in preventing applications from potentially crashing as changes are made over time. In fact, the less attention that is paid to best architecture practices the greater the odds become that the amount of time and effort required to add new capabilities to an application will increase, noted Gaudin.

The ultimate goal is to reduce the likelihood that an application might one day have to be entirely rewritten as changes that deviated from the original architectural plan take their toll in the form of technical debt that eventually needs to be addressed, he added.

In effect, SonarQube is now able to reverse engineer an application by analyzing the code used to construct it. DevOps teams can then use those insights to define a structure for new and existing components, including the relationships between components, to create a blueprint for developers to follow while coding. SonarQube then performs automated reviews against your established architectural blueprint to surface gaps and deviations that can be addressed within the context of a DevOps workflow, said Gaudin.

It’s not clear how often organizations are rewriting applications because they have evolved in a way that proves unsustainable, but as application development teams rely more on artificial intelligence (AI) tools to write code it becomes more probable these types of issues will be encountered, noted Gaudin.

On the plus side, the ability to analyze architecture should make it easier for AI agents to more accurately assess applications in a way that ultimately serves to improve quality, he added. Longer term, the goal is to enable AI tools to automatically remediate issues that arise as developers are writing code, noted Gaudin

In the meantime, however, the number of architecture-related issues that DevOps teams are going to encounter is only going to increase as, for example, developers embrace so-called vibecoding tools to generate application code, he added.

Previously, Sonar has made available training tools to providers of large language models (LLMs) that are designed to help reduce the number of security vulnerabilities and bugs that might be generated, but it might be a while yet before the impact of the tools is seen in the output of the code being generated. For now, the quality of the code being generated by LLMs will continue to vary widely depending on the LLM being invoked.

DevOps teams, as a result, would be well-advised to double down on code reviews today that, all too often in the past in the name of expediency, were not always rigorously conducted as they should have been as application developers strove to add new capabilities to applications as quickly as possible no matter what the real ultimate cost might be.