Release notes
On this page
This page groups the release notes for SonarQube, with a focus on new features and enhancements. Links to the full release notes for each version are available below.
To check for breaking changes before an upgrade, refer to the release upgrade notes.
SonarQube 10.6 release notes
Full release notes
Server installation and upgrade
Upgrade predictability and monitoring during the database migration
The upgrade now shows the progress of the database migration and gives an estimate of when it will complete.
Autoscaling SonarQube cluster in Kubernetes
Available in Data Center Edition
When running a cluster in Kubernetes, SonarQube will automatically scale pods in and out using Kubernetes HorizontalPodAutoscaler (HPA) depending on the load.
FIPS compliance
SonarQube server can now run in FIPS-enforced environments.
Developer workflow
Branch and pull request overview simplified
Duplication of failed quality gate conditions has been reduced. New and overall code are presented in their own tabs, improving focus on new code while practicing Clean as You Code.
Clean as You Code in-product guided tour
The project page offers an in-product guided tour that explains the basics of Clean as You Code and the main concepts behind the methodology.
Set rule priority to uphold your coding standards
Starting in Enterprise Edition
A dev manager or anyone who determines company code standards can now configure the priority of rules in the quality profile and add a quality gate condition to the overall code so that developers can address the corresponding issues before the next release.
Connected Mode
Open issue from SonarQube in Visual Studio
In Connected Mode, you can open an issue from SonarQube in Visual Studio. The feature is now available in all IDE flavors.
For details, see Connected mode.
Report dataflow bugs in VS Code and IntelliJ
Starting in Developer Edition
In Connected Mode, SonarLint reports in VS Code and IntelliJ the Java and Python dataflow bug detection (DBD) issues that can be detected by analyzing a single file.
Share connected mode setup with other contributors
It’s now possible to share a Connected Mode setup configuration file with your team, simplifying the setup process.
For details, see the "Sharing your setup" section on the Team features page for your IDE.
Detect your custom secret patterns in SonarLint for Visual Studio
Starting in Enterprise Edition when running in Connected mode.
In Connected Mode, SonarLint for Visual Studio can now detect your custom secret patterns before they are shared with SCM repositories. The feature is now available for all the SonarLint IDE flavors. See "Defining custom secret patterns" on the Secrets page for more details.
API & DevOps integration
One-step bulk import of GitLab repositories
It's now possible to import multiple GitLab repositories at once.
Simplified monorepo setup for Azure DevOps and Bitbucket
Starting in Enterprise Edition
An in-product walkthrough for setting up monorepo projects is now available for AzureDevOps and Bitbucket, as well as for all DevOps platforms.
Languages and rules
Additional support for C++23
Rules for C++23 have been updated, adding the support for the “deducing this” capability.
Security rules for Spring
There are now 6 new rules to detect security issues in Spring configuration files.
Accessibility rules in HTML and React/JSX
10 new accessibility rules are now available for HTML and for React/JSX in JavaScript/TypeScript.
Python
- Support for machine learning has been increased with support for the Scikit-Learn library.
- New rules for date and time libraries have been added.
New rules for Azure Resource Manager
11 new rules covering Azure Resource Manager templates are now available.
Support for WebAPI and MVC for ASP.NET Core
9 new ASP.NET rules are now available, adding support for WebAPI endpoints and MVC controllers.
.NET cryptography rules updated
The .NET cryptography rules are now up to date with the 2024 state of the art.
Improvements to MISRA C++2023 rules
The MISRA C++2023 rules have been reviewed, and relevant ideas have been used to improve or add rules for C++ in Sonar way.
Analysis setup and configuration
Specific JRE version no longer needed for CLI and NPM scanners
The CLI and NPM scanners no longer require a specific version of the Java Runtime Environment to run. This removes the need to update the JRE version used in the pipelines.
C and C++ analysis can run on Linux ARM64
C and C++ analysis is now supported for Linux ARM64.
Improved experience for C and C++ analysis
To improve the experience of setting up C and C++ project analysis:
- Sonar’s Build Wrapper now generates a compilation database.
- An automatic configuration mode is now available. Using Build Wrapper is no longer a requirement for scanning most C and C++ projects.
For details, see Analysis modes.
Was this page helpful?
© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.
