How Freshworks Scales Shift-Left Security with SonarQube | Sonar Summit 2026
A case study from Freshworks on rolling out SonarQube's SAST and code quality policies across a fast-growing engineering organization to enforce shift-left security without slowing development velocity.
Company Overview and Engineering Scale
Freshworks is an enterprise software company delivering customer and employee experience solutions across multiple product lines including customer support, ITSM, IT asset management, and CRM. With approximately 74,000 customers globally, Freshworks operates at significant scale with over 2,000 repositories managed within its GitHub organization. This scale provides engineering teams with flexibility and autonomy but creates substantial challenges around standardization, governance, and maintaining consistent quality across hundreds of teams and numerous codebases.
Platform-Driven Standardization and Governance
To address these challenges, Freshworks moved from a fragmented model, in which individual teams maintained separate pipelines and processes, to a unified, platform-based approach. Led by its DevOps leadership, including Praine SK, the company implemented an internal developer platform called Cubics that standardizes CI/CD workflows, manages the Kubernetes lifecycle, and enforces release governance. This shift reflected a critical insight: consistent quality across thousands of repositories cannot rely on team-by-team effort but must be built into the platform by default. The platform now ensures that all CI/CD workflows are standardized, quality checks are automated, and deployments are fully governed, with end-to-end visibility for management and stakeholders.
Embedding Security into the Developer Workflow
Freshworks integrated SonarQube directly into its standard CI/CD templates, enabling automated quality checks and advanced security analysis on every pull request. This shift-left approach catches vulnerabilities early in the development cycle, prevents accidental credential leaks before they reach production, and eliminates manual enforcement overhead. The organization also implemented SonarWay for code analysis to track AI-generated code at the portfolio level, ensuring that innovation doesn't compromise maintainability or security. By embedding security checks into the standard workflow rather than treating them as post-release audits, developers receive immediate feedback and context-aware fixes that reduce debugging time and accelerate remediation.
Enhancing Developer Productivity While Maintaining Quality
The philosophy guiding Freshworks' implementation centers on making "the right way the easiest way." Rather than slowing teams down with guardrails, the platform removes friction from the development process through automation and intelligent tooling. Freshworks introduced code fix capabilities that generate contextual solutions within the developer workflow, eliminating manual debugging and speeding up remediation. This approach, combined with AI-powered copilot agents that automatically debug build failures and generate remediation guidance, has resulted in faster build validation cycles, fewer post-release defects, and improved deployment success rates. The guardrails thus become enablers of innovation rather than obstacles to speed.
Onboarding and Continuous Improvement
When developers onboard to new services, Freshworks provides a fully preconfigured setup that includes SonarQube analysis and standardized quality profiles from day one. This ensures that quality standards are enforced consistently across all new projects without requiring manual configuration or policy enforcement. Running code quality and security analysis in the same workflow stage has proven transformative, allowing Freshworks to maintain enterprise-grade security and code quality while enabling teams to operate with greater autonomy and innovation velocity.
Key Takeaways
- Platform-based quality is non-negotiable at scale: With 2,000+ repositories, quality and security cannot be enforced manually but must be embedded into CI/CD workflows and developer platforms
- Shift-left security reduces both risk and toil: Integrating SonarQube analysis into standard pull request workflows catches vulnerabilities early and prevents credentials from reaching production
- Guardrails enable rather than inhibit productivity: Automated checks, context-aware fixes, and AI-powered remediation guidance remove friction and allow developers to focus on building customer value
- Standardization requires developer buy-in through automation: Making the right way the easiest way through tooling and preconfigured setups is more effective than manual enforcement across hundreds of teams
- AI-generated code requires dedicated tracking: Using specialized analysis (like SonarWay) to monitor AI-generated code at the portfolio level helps organizations preserve maintainability and security while innovating rapidly