Continuous Inspection

Products News

SonarQube JavaScript 2.14 Released

June 23, 2016

SonarSource is pleased to announce the release of the SonarQube JavaScript plugin version 2.14.

This version brings support for SonarQube version 5.6, the new Long Term Support version, as well as precise issue location for all rules, and improvements in symbolic execution. Let’s look at some examples:

The advent of precise issue locations means we no longer highlight the entire line when we raise an issue on a line. Instead, we can now highlight only, and precisely, the part of the line that’s relevant to the issue being raised. For instance, on line 106, only the declaration of i is highlighted:

Along with precise issue highlighting comes the ability to add secondary highlights to help you understand the context of the issue. So in the example above, you see that the initial declaration of i is also highlighted.

Also in this version are improvements to symbolic execution, to help find even trickier bugs. For example, in this case an issue is raised on line 2651 saying that !selector is always false.

We know the condition must always be false because on line 2050, there’s an early return if !(node && selector). Since that translates to !node || !selector, we cannot reach line 2051 if selector is false.

This example’s a little more complex:

Since scope can only be true if view is true (line 6969), and tool can only be true if scope is true (line 6970), that means that tool is true if view is true. Since you can’t get to line 6976, where the issue is raised, unless tool is true, that must necessarily mean that view is true.

This is the type of issue that’s not obvious to the coder at first glance, but is easy to find with JavaScript’s enhanced symbolic execution.
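The two deductions above can be checked by brute force. The following JavaScript is an added example, not code from the plugin or from the analyzed project: `firstCase` and `secondCase` are constructed reductions of the two snippets described, and the parameter names `hasScope` and `hasTool`, the `control` function and the `outcomes` helper are assumptions made for illustration.

```javascript
// Constructed reduction of the first case: an early return on
// !(node && selector) followed by a redundant !selector check.
function firstCase(node, selector) {
  if (!(node && selector)) return "early-return";
  if (!selector) return "flagged-branch"; // condition is always false here
  return "body";
}

// Constructed reduction of the second case. hasScope and hasTool are
// hypothetical stand-ins for whatever else the original expressions test.
function secondCase(view, hasScope, hasTool) {
  const scope = view && hasScope; // scope is truthy only if view is
  const tool = scope && hasTool;  // tool is truthy only if scope is
  if (!tool) return "early-return";
  if (!view) return "flagged-branch"; // view must be truthy once tool is
  return "body";
}

// Control: with the guard weakened to !node, the same check is reachable,
// so no issue should be raised on it.
function control(node, selector) {
  if (!node) return "early-return";
  if (!selector) return "flagged-branch";
  return "body";
}

// Representative JavaScript values: five falsy, three truthy.
const SAMPLES = [undefined, null, 0, "", false, 1, "div", {}];

// Call fn with every combination of SAMPLES for its declared parameters
// and collect the distinct outcomes it returns.
function outcomes(fn) {
  const seen = new Set();
  const args = new Array(fn.length);
  (function fill(i) {
    if (i === fn.length) {
      seen.add(fn(...args));
      return;
    }
    for (const v of SAMPLES) {
      args[i] = v;
      fill(i + 1);
    }
  })(0);
  return [...seen].sort();
}
```

Only `control` ever returns "flagged-branch"; in the two reduced cases the enumeration never reaches it, which is the conclusion the symbolic execution engine draws without running the code.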

This version additionally offers two new rules:

Please read the release notes for more information. You can install or update it via the Update Center.

Documentation is available on the product page.

SonarQube GitHub 1.3 Released

June 21, 2016

SonarSource is pleased to announce the release of the GitHub plugin version 1.3.

This version loosens the permissions required to analyse pull requests. Until version 1.2, the GitHub account used by the plugin had to be granted push permissions on the target repository to be able to update the status of the pull request:

GitHub-1.3_StatusUpdate

For open-source developers who wanted to activate analysis of pull requests coming from the community, this was a showstopper: credentials of this GitHub account could be stolen. Now with version 1.3, if the GitHub account does not have push access to the repository, only comments will be created and the update of the status of the pull request will fail silently (with a warning in the log though). The summary comment will obviously still be available:

GitHub-1.3_CommentSummary

This will allow any open-source developer to activate analysis of any pull request on their project.

Please read the release notes for more information. You can install or update it via the Update Center.

Documentation is available on the product page.

SonarQube Scanner for MSBuild 2.1 Released

June 15, 2016

SonarSource is pleased to announce the release of the SonarQube Scanner for MSBuild version 2.1.

The main purpose of this version is to fix the following two limitations:

  • One preventing the analysis of Visual Studio Solutions containing some SQL server projects (see SONARMSBRU-235)
  • And the other one leading to a big overhead when analysing some solutions containing some C++ projects (see SONARMSBRU-193)

Please read the release notes for more information.

Documentation and download available on the SonarQube Scanner for MSBuild product pages.

SonarQube C/C++/Objective-C 3.12 Released

June 15, 2016

SonarSource is pleased to announce the release of the C/C++/Objective-C plugin version 3.12.

This new version provides the following 9 new rules:

 

Moreover, any Visual C++ project must now be analyzed with the help of the SonarQube Scanner for MSBuild, which requires only minimal configuration. It should be no more complex than running these three commands in sequence:

MSBuild.SonarQube.Runner begin /k:project_key /n:project_name /v:project_version /d:sonar.cfamily.build-wrapper-output=<output directory>
build-wrapper.exe --out-dir <output directory> msbuild /t:rebuild
MSBuild.SonarQube.Runner end

Please use SonarQube Scanner for MSBuild version 2.1 or later to avoid the overhead described in SONARMSBRU-193 when compiling your C++ projects.

 

The build-wrapper executables for Linux, OS X and Windows are now embedded in the plugin and can be downloaded directly from your SonarQube server once the plugin is installed:

  • http://MySonarQubeServer/static/cpp/build-wrapper-win-x86.zip containing directory “build-wrapper-win-x86” with files build-wrapper-win-x86-32.exe and build-wrapper-win-x86-64.exe
  • http://MySonarQubeServer/static/cpp/build-wrapper-macosx-x86.zip containing directory “build-wrapper-macosx-x86” with file build-wrapper-macosx-x86
  • http://MySonarQubeServer/static/cpp/build-wrapper-linux-x86.zip containing directory “build-wrapper-linux-x86” with files build-wrapper-linux-x86-64 and build-wrapper-linux-x86-32

 

Please read the release notes for more information about all the other improvements and bug fixes that are part of this release. You can install or update it via the Update Center.

Trial version and documentation are available on the C/C++ and Objective-C product pages.

SonarQube C# 5.3 Released

June 15, 2016

SonarSource is pleased to announce the release of the C# plugin version 5.3.

This new version embeds the following 9 new rules:

Please read the release notes for more information. You can install or update the C# plugin via the Update Center.

Documentation is available on the product page.

SonarQube COBOL 3.1.1 Released

June 15, 2016

SonarSource is pleased to announce the release of the COBOL plugin version 3.1.1.

This version fixes a bug that might lead to an analysis failure when activating the rule SELECT statements should not lead to full table scans.

Please read the release notes for more information. You can install or update the COBOL plugin via the Update Center.

Documentation is available on the product page.

SonarLint for Visual Studio 2.3 Released

June 14, 2016

SonarSource is pleased to announce the release of SonarLint for Visual Studio version 2.3.

 

This new version embeds the following 4 new rules:

 

And the following 6 rules have been improved to generate fewer false negatives and fewer false positives:

 

If you have any feedback, feel free to join the SonarLint Google Group.

Have fun with SonarLint!

 

SonarQube Governance 1.0 Released

June 13, 2016

SonarSource is pleased to announce the release of the Governance product version 1.0.

The Governance product provides the features to gear up SonarQube from a team-grade deployment to an enterprise-grade deployment. It is the solution for organizing and managing a portfolio of projects and making informed decisions based on four key indicators: releasability, maintainability, reliability and security.

The Governance product benefits from the power of the new Quality Model introduced in the latest SonarQube 5.6 LTS, as it draws bugs and security vulnerabilities out of the mass of maintainability issues to clearly highlight project risk, while retaining the calculation of technical debt. Its main features are the following:

  • Organize a portfolio of projects into any kind of hierarchy tree(s). Projects can be grouped by applications, applications by team, teams by department, and so on.

Gov1.0-Views

  • Governance Dashboard: Aggregate all projects data into a single dashboard and get daily, weekly, monthly reports of all your projects in one click.

Gov1.0-Dashboard

  • Send PDF reports to executives by email, on demand, at any time.

Gov1.0-PDF

  • Risk Management, which pinpoints areas that need a closer look and where decisions need to be taken.

Gov1.0-Risk

  • Move projects, including project history, across instances of SonarQube, and merge two instances of SonarQube.

Gov1.0-Export

  • Configure the analysis model, allowing organizations to determine the time needed to fix breaches.

Gov1.0-RemediationCost

The Governance product comes as part of our Enterprise Edition. Please read the release notes for more information. You can install or update it via the Update Center.

Trial version and documentation are available on the product page.

SonarQube LDAP 2.0 Released

June 10, 2016

The SonarSource Team is pleased to announce the release of the LDAP plugin version 2.0.

With this new version, the LDAP plugin gets back to what it does very well: connecting SonarQube to an LDAP server to manage user authentication and authorization. All the Active Directory-specific features, such as automatic configuration or SSO, have been moved to a dedicated Active Directory plugin managed by the community. The LDAP plugin can still connect to the LDAP service of an Active Directory, but only with manual configuration.

If you were previously using the Active Directory-specific features, you should not upgrade to this new version but instead remove the LDAP plugin and replace it with the new Active Directory community plugin that will be released soon.

Please read the release notes for more information. You can install or update it via the Update Center.

Documentation is available on the product page.

SonarQube Developer Cockpit 1.12 Released

June 9, 2016

SonarSource is pleased to announce the release of the Developer Cockpit plugin version 1.12.

This new version provides compatibility with SonarQube 5.6 LTS.

Please read the release notes for more information. You can install or update it via the Update Center.

Trial version and documentation are available on the product page.
