Release notes
On this page
This page groups the release notes for SonarQube, with a focus on new features and enhancements. Links to the full release notes for each version are available below.
To check for breaking changes before an upgrade, refer to the release upgrade notes.
SonarQube 10.7 release notes
Full release notes
AI features
AI-generated fix suggestions
Available in Early Access in Enterprise Edition and above.
When investigating an issue, you can ask for an AI-generated fix suggestion and open it directly in your IDE (VS Code, IntelliJ, and Eclipse).
AI code assurance
Available starting in Developer Edition.
You can now flag projects as containing AI-generated code. The flagged projects will use the Sonar way quality gate to ensure the ai-generated code is clean.
IDE
Advanced bug detection
Available starting in Developer Edition.
To help you detect issues earlier in the development cycle, Java and Python dataflow bug detection (DBD) issues are now reported to IntelliJ and Eclipse when working in connected mode.
Setup and Authentication
Modern Authentication for SMTP server
SonarQube can now use modern authentication, required to integrate with email SMTP servers.
Installation on OpenShift supported
Available starting in Developer Edition.
SonarQube now better supports deploying its helm chart on OpenShift.
Automatic synchronization of project permissions and roles with GitLab
Available starting in Developer Edition.
When integrating with GitLab, project permissions and custom roles are now automatically synchronized.
Password policy rules
Administrators can define a password policy for local accounts.
Security reports
Based on the results of your analysis, Cloud Application Security Assessment (CASA) and Security Technical Implementation Guides (STIGs) security reports are available for your projects.
New rules for Javascript and Typescript
We've added 10 new rules that find structure problems in JavaScript and TypeScript code.
Support for Dart
Available starting in Developer Edition.
Analysis of Dart is now supported. It includes support for loading coverage data provided by LCOV and more than 70 rules, including cognitive complexity.
Secrets Detection includes more patterns and cloud services
Available starting in Developer Edition.
With added support for more than 30 new patterns, SonarQube now covers 146 secrets patterns and can detect secrets/tokens generated by 81 cloud services.
Additional support for PyTorch Library and Jupyter Notebooks for machine learning practitioners
We’ve increased support for machine learning with 7 new rules for the PyTorch library. Analysis of Jupyter Notebooks, previously added in VS Code, is now available.
Kubernetes / Helm Improvements
Eight new maintainability rules are available. Analysis of issues across multiple files is now supported.
Support added for C23
Analysis of C23, the latest major revision of C, is now supported.
MISRA C++2023 Improvements
7 new preprocessor and code presentation rules inspired by MISRA C++2023 are now available.
Improved analysis time on Mac Apple Silicon for C/C++/Objective-C Projects
The analysis performance of the analysis when using Apple silicon processors has been improved by 30%.
Additional support for Spring framework in Java
To improve security coverage, we’ve added advanced security rules for the Spring Framework to reach a coverage of 92% for security-sensitive Spring features.
SonarQube 10.6 release notes
Full release notes
Server installation and upgrade
Upgrade predictability and monitoring during the database migration
The upgrade now shows the progress of the database migration and gives an estimate of when it will complete.
Autoscaling SonarQube cluster in Kubernetes
Available in Data Center Edition
When running a cluster in Kubernetes, SonarQube will automatically scale pods in and out using Kubernetes HorizontalPodAutoscaler (HPA) depending on the load.
FIPS compliance
SonarQube server can now run in FIPS-enforced environments.
Developer workflow
Branch and pull request overview simplified
Duplication of failed quality gate conditions has been reduced. New and overall code are presented in their own tabs, improving focus on new code while practicing Clean as You Code.
Clean as You Code in-product guided tour
The project page offers an in-product guided tour that explains the basics of Clean as You Code and the main concepts behind the methodology.
Set rule priority to uphold your coding standards
Starting in Enterprise Edition
A dev manager or anyone who determines company code standards can now configure the priority of rules in the quality profile and add a quality gate condition to the overall code so that developers can address the corresponding issues before the next release.
Connected Mode
Open issue from SonarQube in Visual Studio
In Connected Mode, you can open an issue from SonarQube in Visual Studio. The feature is now available in all IDE flavors.
For details, see Connected mode.
Report dataflow bugs in VS Code and IntelliJ
Starting in Developer Edition
In Connected Mode, SonarLint reports in VS Code and IntelliJ the Java and Python dataflow bug detection (DBD) issues that can be detected by analyzing a single file.
Share connected mode setup with other contributors
It’s now possible to share a Connected Mode setup configuration file with your team, simplifying the setup process.
For details, see the "Sharing your setup" section on the Team features page for your IDE.
Detect your custom secret patterns in SonarLint for Visual Studio
Starting in Enterprise Edition when running in Connected mode.
In Connected Mode, SonarLint for Visual Studio can now detect your custom secret patterns before they are shared with SCM repositories. The feature is now available for all the SonarLint IDE flavors. See "Defining custom secret patterns" on the Secrets page for more details.
API & DevOps integration
One-step bulk import of GitLab repositories
It's now possible to import multiple GitLab repositories at once.
Simplified monorepo setup for Azure DevOps and Bitbucket
Starting in Enterprise Edition
An in-product walkthrough for setting up monorepo projects is now available for AzureDevOps and Bitbucket, as well as for all DevOps platforms.
Languages and rules
Additional support for C++23
Rules for C++23 have been updated, adding the support for the “deducing this” capability.
Security rules for Spring
There are now 6 new rules to detect security issues in Spring configuration files.
Accessibility rules in HTML and React/JSX
10 new accessibility rules are now available for HTML and for React/JSX in JavaScript/TypeScript.
Python
- Support for machine learning has been increased with support for the Scikit-Learn library.
- New rules for date and time libraries have been added.
New rules for Azure Resource Manager
11 new rules covering Azure Resource Manager templates are now available.
Support for WebAPI and MVC for ASP.NET Core
9 new ASP.NET rules are now available, adding support for WebAPI endpoints and MVC controllers.
.NET cryptography rules updated
The .NET cryptography rules are now up to date with the 2024 state of the art.
Improvements to MISRA C++2023 rules
The MISRA C++2023 rules have been reviewed, and relevant ideas have been used to improve or add rules for C++ in Sonar way.
Analysis setup and configuration
Specific JRE version no longer needed for CLI and NPM scanners
The CLI and NPM scanners no longer require a specific version of the Java Runtime Environment to run. This removes the need to update the JRE version used in the pipelines.
C and C++ analysis can run on Linux ARM64
C and C++ analysis is now supported for Linux ARM64.
Improved experience for C and C++ analysis
To improve the experience of setting up C and C++ project analysis:
- Sonar’s Build Wrapper now generates a compilation database.
- An automatic configuration mode is now available. Using Build Wrapper is no longer a requirement for scanning most C and C++ projects.
For details, see Analysis modes.
Was this page helpful?