Products News

SonarQube Java 3.10 Released

February 5, 2016

SonarSource is pleased to announce the release of the Java plugin version 3.10.

With this new version, the Symbolic Execution engine, which walks through all possible execution paths to detect bugs, is now able to handle relations between symbolic values. What does this mean concretely? Let’s have a look at a real-life issue located in the Apache Vysper code:

The simplified reasoning of the Symbolic Execution engine is as follows:

  1. Reaching the code where the issue is raised means that the condition (to == null || to.equals(serverEntity)) was false 6 lines above.
  2. By definition, this means that 'to' is not equal to 'serverEntity' at that point in time.
  3. Since, by design in Java, the 'public boolean equals(Object obj)' method is symmetric, isServerInfoRequest = serverEntity.equals(to) is false.
  4. And so the condition !isServerInfoRequest is always true.
  5. Q.E.D.
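
The pattern behind that reasoning, as an added example: this is not the Apache Vysper code and not part of the original announcement. The class, the Entity type and the route() method are hypothetical names constructed for illustration; only the two conditions are taken from the steps above.

```java
import java.util.Objects;

// Constructed illustration: Entity and route() are hypothetical, not Apache Vysper code.
public class AlwaysTrueCondition {

    // Minimal value type whose equals() is symmetric, as the Object.equals contract requires.
    static final class Entity {
        private final String domain;

        Entity(String domain) { this.domain = domain; }

        @Override
        public boolean equals(Object o) {
            return o instanceof Entity && domain.equals(((Entity) o).domain);
        }

        @Override
        public int hashCode() { return Objects.hash(domain); }
    }

    static String route(Entity to, Entity serverEntity) {
        if (to == null || to.equals(serverEntity)) {
            return "handled-locally";
        }
        // On this path the engine knows: to != null and to.equals(serverEntity) is false.

        // Relation between symbolic values: equals() is symmetric, so this is false too.
        boolean isServerInfoRequest = serverEntity.equals(to);

        if (!isServerInfoRequest) {   // always true here: the condition the rule reports
            return "relayed";
        }
        return "server-info";         // dead code: no input can reach this line
    }

    public static void main(String[] args) {
        Entity server = new Entity("example.org");   // constructed sample values
        System.out.println(route(new Entity("example.org"), server));
        System.out.println(route(new Entity("other.example"), server));
        System.out.println(route(null, server));
    }
}
```

No input makes route() return "server-info", which is why a branch like this usually points to a logic error in the early check or in the later comparison.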

[Screenshot: the issue reported in the Apache Vysper code]

Moreover, this version embeds 17 new rules with some of them targeting the analysis of EJB, Spring, Web configuration files:

Please read the release notes for more information. You can install or update it via the Update Center.

Documentation is available on the product page.

SonarQube C/C++/Objective C 3.9 Released

February 3, 2016

SonarSource is pleased to announce the release of the C/C++/Objective-C plugin version 3.9.

This new version embeds 11 new rules, and all rules can now raise issues directly on header files. Moreover, the default “Sonar Way” quality profile has been tuned to make it suitable out-of-the-box for most C/C++/Objective-C projects.

Those 11 new rules are:

Please read the release notes for more information. You can install or update it via the Update Center.

Trial version and documentation are available on the C/C++ and Objective-C product pages.

SonarLint for IntelliJ 1.3 Released

January 29, 2016

SonarSource is pleased to announce the release of SonarLint for IntelliJ version 1.3.

This new version adds a “SonarLint” tool window that lets you quickly see all issues of a file at once:

[Screenshot: the SonarLint tool window]

In the screenshot, you can also see that this new version fits better into the IntelliJ look & feel: there is no specific SonarLint icon in the left column, only the tick in the right one, and the rule description is now available through a standard “more…” link. Also, SonarLint blocker issues are now reported as errors, which makes the editor turn red so that you don’t miss them.

For more information, have a look at the release notes or visit the dedicated SonarLint for IntelliJ web site.

Have fun with SonarLint!

SonarLint for Visual Studio 1.7 Released

January 27, 2016

SonarSource is pleased to announce the release of SonarLint for Visual Studio version 1.7.

This version embeds 5 new C# rules and fixes some false positives reported by the community.

Here are the newly added rules since version 1.6.0:

Moreover, the following two rules have been highly tuned:

  • “IDisposables” should be disposed
    This rule has been totally reworked, and now only supports a fixed set of “IDisposable” types and factory methods. For example, this issue, where the local variable “face” is not disposed in project Nancy:
    [Screenshot: undisposed local variable “face” in project Nancy]
  • Unused method parameters should be removed
    This rule has been fixed to not report on methods that are assigned to delegates. A code fix is also provided.
    Example of unused parameter from project Akka:
    [Screenshot: unused parameter in project Akka]

For more information, have a look at the release notes or visit the dedicated SonarLint for Visual Studio web site.

Have fun with SonarLint!

SonarLint for IntelliJ 1.2 Released

January 25, 2016

SonarSource is pleased to announce the release of SonarLint for IntelliJ version 1.2.

As promised in the announcement of the previous version, this new version improves the triggering of analyses in order to fit better with the “IntelliJ-way” of doing things: by default, there is no need to hit a special key shortcut to analyze your code, as SonarLint for IntelliJ automatically triggers the analysis when you stop typing for a couple of seconds. This way, it is impossible to forget to check your code quality! What’s more, issues are displayed as ticks on the right bar – exactly like any other issue in the code.

Another new feature of this version is the ability to quickly mute an issue when it is obvious that it’s a false-positive or an issue that can’t be fixed because the code is relevant in the context. This action actually adds a “NOSONAR” comment in your code:

[Screenshot: muting an issue in SonarLint for IntelliJ]

For more information, have a look at the release notes or visit the dedicated SonarLint for IntelliJ web site.

Have fun with SonarLint!

SonarQube Scanner for Ant 1.4 Released

January 19, 2016
SonarSource is pleased to announce the release of the SonarQube Scanner for Ant version 1.4.
This new version offers better support for SonarQube (5.3+) instances configured to accept only HTTPS connections. With this version, SonarQube Scanner for Ant no longer ignores the server certificate, which was a security issue. It also now sends client certificates so that it is possible to implement scanner authentication based on certificates (using a proxy).
Please read the release notes for more information.
Documentation is available on the product page.

SonarQube Scanner for Gradle 1.2 Released

January 19, 2016
SonarSource is pleased to announce the release of the SonarQube Scanner for Gradle version 1.2.
This new version offers better support for SonarQube (5.3+) instances configured to accept only HTTPS connections. With this version, SonarQube Scanner for Gradle no longer ignores the server certificate, which was a security issue. It also now sends client certificates so that it is possible to implement scanner authentication based on certificates (using a proxy).
Please read the release notes for more information.
Documentation is available on the product page.

SonarQube Scanner for Maven 3.0.1 Released

January 19, 2016
SonarSource is pleased to announce the release of the SonarQube Scanner for Maven version 3.0/3.0.1.
This new version offers better support for SonarQube (5.3+) instances configured to accept only HTTPS connections. With this version, SonarQube Scanner no longer ignores the server certificate, which was a security issue. It also now sends client certificates so that it is possible to implement scanner authentication based on certificates (using a proxy).
Please read the release notes for more information.
Documentation is available on the product page.

SonarQube Scanner 2.5 Released

January 19, 2016
SonarSource is pleased to announce the release of the SonarQube Scanner version 2.5.
This new version offers better support for SonarQube instances configured to accept only HTTPS connections. With this version, SonarQube Scanner no longer ignores the server certificate, which was a security issue. It also now sends client certificates so that it is possible to implement scanner authentication based on certificates (using a proxy).
Please read the release notes for more information.
Documentation is available on the product page.

SonarQube JavaScript 2.10 Released

January 15, 2016

SonarSource is pleased to announce the release of the JavaScript plugin version 2.10.

This new version:

  • Automatically detects minified files and excludes them from the analysis
  • Provides a new “Sonar Security Way” quality profile containing only rules targeting the detection of bugs or security vulnerabilities
  • Embeds 8 new rules

Those rules are:

Please read the release notes for more information. You can install or update it via the Update Center.

Documentation is available on the product page.

 

 
