Start Free
10.7 | Server upgrade and maintenance | Release and deprecation notes | Release notes

Release notes

On this page

This page groups the release notes for SonarQube, with a focus on new features and enhancements. Links to the full release notes for each version are available below.

To check for breaking changes before an upgrade, refer to the release upgrade notes.

SonarQube 10.7 release notes

Full release notes

AI features

AI-generated fix suggestions 

Available in Early Access in Enterprise Edition and above.

When investigating an issue, you can ask for an AI-generated fix suggestion and open it directly in your IDE (VS Code, IntelliJ, and Eclipse).

AI code assurance 

Available starting in Developer Edition.

You can now flag projects as containing AI-generated code. The flagged projects will use the Sonar way quality gate to ensure the ai-generated code is clean. 

IDE 

Advanced bug detection 

Available starting in Developer Edition.

To help you detect issues earlier in the development cycle, Java and Python dataflow bug detection (DBD) issues are now reported to IntelliJ and Eclipse when working in connected mode. 

Setup and Authentication 

Modern Authentication for SMTP server

SonarQube can now use modern authentication, required to integrate with email SMTP servers.

Installation on OpenShift supported 

Available starting in Developer Edition.

SonarQube now better supports deploying its helm chart on OpenShift

Automatic synchronization of project permissions and roles with GitLab

Available starting in Developer Edition.

When integrating with GitLab, project permissions and custom roles are now automatically synchronized.

Password policy rules

Administrators can define a password policy for local accounts.

Security reports

Based on the results of your analysis, Cloud Application Security Assessment (CASA) and Security Technical Implementation Guides (STIGs) security reports are available for your projects.

New rules for Javascript and Typescript 

We've added 10 new rules that find structure problems in JavaScript and TypeScript code.

Support for Dart

Available starting in Developer Edition.

Analysis of Dart is now supported. It includes support for loading coverage data provided by LCOV and more than 70 rules, including cognitive complexity. 

Secrets Detection includes more patterns and cloud services 

Available starting in Developer Edition.

With added support for more than 30 new patterns, SonarQube now covers 146 secrets patterns and can detect secrets/tokens generated by 81 cloud services.

Additional support for PyTorch Library and Jupyter Notebooks for machine learning practitioners

We’ve increased support for machine learning with 7 new rules for the PyTorch library. Analysis of Jupyter Notebooks, previously added in VS Code, is now available.

Kubernetes / Helm Improvements

Eight new maintainability rules are available. Analysis of issues across multiple files is now supported. 

Support added for C23

Analysis of C23, the latest major revision of C, is now supported. 

MISRA C++2023 Improvements

7 new preprocessor and code presentation rules inspired by MISRA C++2023 are now available.

Improved analysis time on Mac Apple Silicon for C/C++/Objective-C Projects

The analysis performance of the analysis when using Apple silicon processors has been improved by 30%.

Additional support for Spring framework in Java

To improve security coverage, we’ve added advanced security rules for the Spring Framework to reach a coverage of 92% for security-sensitive Spring features. 

SonarQube 10.6 release notes

Full release notes

Server installation and upgrade

Upgrade predictability and monitoring during the database migration

The upgrade now shows the progress of the database migration and gives an estimate of when it will complete. 

Autoscaling SonarQube cluster in Kubernetes

Available in Data Center Edition

When running a cluster in Kubernetes, SonarQube will automatically scale pods in and out using Kubernetes HorizontalPodAutoscaler (HPA) depending on the load.

FIPS compliance

SonarQube server can now run in FIPS-enforced environments.

Developer workflow

Branch and pull request overview simplified

Duplication of failed quality gate conditions has been reduced. New and overall code are presented in their own tabs, improving focus on new code while practicing Clean as You Code.

Clean as You Code in-product guided tour 

The project page offers an in-product guided tour that explains the basics of Clean as You Code and the main concepts behind the methodology.

Set rule priority to uphold your coding standards

Starting in Enterprise Edition

A dev manager or anyone who determines company code standards can now configure the priority of rules in the quality profile and add a quality gate condition to the overall code so that developers can address the corresponding issues before the next release.

Connected Mode

Open issue from SonarQube in Visual Studio

In Connected Mode, you can open an issue from SonarQube in Visual Studio. The feature is now available in all IDE flavors. 

For details, see Connected mode.

Report dataflow bugs in VS Code and IntelliJ

Starting in Developer Edition

In Connected Mode, SonarLint reports in VS Code and IntelliJ the Java and Python dataflow bug detection (DBD) issues that can be detected by analyzing a single file.

Share connected mode setup with other contributors

It’s now possible to share a Connected Mode setup configuration file with your team, simplifying the setup process.

For details, see the "Sharing your setup" section on the Team features page for your IDE.

Detect your custom secret patterns in SonarLint for Visual Studio

Starting in Enterprise Edition when running in Connected mode.

In Connected Mode, SonarLint for Visual Studio can now detect your custom secret patterns before they are shared with SCM repositories. The feature is now available for all the SonarLint IDE flavors. See "Defining custom secret patterns" on the Secrets page for more details.

API & DevOps integration

One-step bulk import of GitLab repositories

It's now possible to import multiple GitLab repositories at once.

Simplified monorepo setup for Azure DevOps and Bitbucket

Starting in Enterprise Edition

An in-product walkthrough for setting up monorepo projects is now available for AzureDevOps and Bitbucket, as well as for all DevOps platforms.

Languages and rules

Additional support for C++23

Rules for C++23 have been updated, adding the support for the “deducing this” capability.

Security rules for Spring

There are now 6 new rules to detect security issues in Spring configuration files. 

Accessibility rules in HTML and React/JSX

10 new accessibility rules are now available for HTML and for React/JSX in JavaScript/TypeScript.

Python

  • Support for machine learning has been increased with support for the Scikit-Learn library.
  • New rules for date and time libraries have been added.

New rules for Azure Resource Manager

11 new rules covering Azure Resource Manager templates are now available.

Support for WebAPI and MVC for ASP.NET Core

9 new ASP.NET rules are now available, adding support for WebAPI endpoints and MVC controllers. 

.NET cryptography rules updated

The .NET cryptography rules are now up to date with the 2024 state of the art. 

Improvements to MISRA C++2023 rules

The MISRA C++2023 rules have been reviewed, and relevant ideas have been used to improve or add rules for C++ in Sonar way.

Analysis setup and configuration

Specific JRE version no longer needed for CLI and NPM scanners 

The CLI and NPM scanners no longer require a specific version of the Java Runtime Environment to run. This removes the need to update the JRE version used in the pipelines.

C and C++ analysis can run on Linux ARM64

C and C++ analysis is now supported for Linux ARM64.

Improved experience for C and C++ analysis

To improve the experience of setting up C and C++ project analysis: 

  •  Sonar’s Build Wrapper now generates a compilation database.
  • An automatic configuration mode is now available. Using Build Wrapper is no longer a requirement for scanning most C and C++ projects.

For details, see Analysis modes.



Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License