Today, we are thrilled to announce the release of SonarQube Server 2026.2. This release brings a redesigned developer workspace, expanded analysis to catch hard-to-spot bugs in more languages and frameworks, and updated security reporting that covers both your code and third-party dependencies.
Developer experience & productivity
This release makes it easier to navigate the platform and faster to act on issues.
- Redesigned navigation and workspace experience: We've overhauled the UI with an intuitive vertical sidebar and a new context switcher. Software developers and leaders can instantly jump between portfolios and projects without losing their place, reducing cognitive load and accelerating issue discovery.
- Model-agnostic AI CodeFix: Spend less time researching and more time building. We are introducing intelligent, model-agnostic remediation suggestions directly within your secure self-managed environment. This ensures code vulnerabilities are patched quickly while your proprietary source code remains safely behind your firewall, completely shielded from public LLMs.
Expanded language and framework support
We have expanded to support the latest enterprise frameworks, specifically targeting the subtle bugs introduced by modern AI coding assistants.
- Comprehensive Java 25 support: Safely adopt Java 25 LTS paradigms with error-free parsing and deep semantic analysis. We've added critical rules to catch syntactically valid but semantically broken code, often generated by AI assistants trained on outdated preview APIs, preventing severe runtime crashes.
- Deepened Python web frameworks: Elevate your Python applications from merely functional to production-resilient. We've added extensive new rules for FastAPI, Flask, and Django to enforce API contracts, ensure RESTful compliance, and harden infrastructure against data leaks.
- First-class Groovy support:: Extend code quality standards to your DevOps pipelines with over 20 new quality rules for Groovy.
- Enhanced Apex support: For Salesforce teams, our enhanced Apex support achieves PMD parity with a false-positive rate of less than 5%, allowing you to consolidate all development tooling into a single platform.
Enterprise security & governance
Software security leaders and compliance officers now have the granular controls and holistic reporting needed to manage risk across both proprietary code and third-party dependencies.
- Structured in-code issue resolution (
sonar-resolve): We are replacing the blind "all-or-nothing"NOSONARcomment. Software developers can now usesonar-resolveto silence specific rules with a mandatory status directly in the code. This bridges the gap between frictionless developer workflows and the rigorous auditability required by compliance standards like MISRA C++:2023. - Unified dependency risks in security reports: SonarQube Advanced Security customers gain a holistic view of their software's security posture. Our executive-ready reports and exported PDFs now natively weave Software Composition Analysis (SCA) data together with first-party code health info, reflecting the true risk of your entire software supply chain. Additionally, Software Bill of Materials (SBOM) and dependency risk data is now included in the project regulatory report download.
- Advanced SAST configurations for Python top 1K: We've massively boosted security analysis accuracy for Python. The Advanced SAST engine in SonarQube Advanced Security now tracks tainted data out-of-the-box across the top 1,000 most utilized Python libraries, greatly reducing false negatives without requiring manual setup.
Update or migrate today
Update your instance to SonarQube Server 2026.2 today to take advantage of these new capabilities.
Learn about migrating to SonarQube Cloud—same enterprise capabilities, with automatic updates so your team always has access to the latest features without managing another version update. Contact sales to discuss migrating now.
