Blog post

Cloud native features in SonarQube 9.9 LTS

Clint Cameron photo

Clint Cameron

Product Marketing Manager

5 min read

  • Clean Code
  • SonarQube
  • Code Quality
  • Quality

The SonarQube 9.9 LTS brought many new features dedicated to helping you deliver Clean Code day after day. A lot of that functionality is centered around cloud native technologies including Infrastructure as Code (IaC). 

This article offers an overview of these benefits along with links so you can learn more about the features that interest you.  

SonarQube 9.9 LTS supports the following cloud native technologies:

Many of the cloud native based rules in v9.9 are security focused in the following areas:

Feature: Detect insecure configurations in your AWS CDK code

If you are describing your AWS infrastructure with the AWS CDK for Python or JavaScript/TypeScript, SonarQube 9.9 LTS will detect insecure configurations in the following domains:



  • S3 Buckets 
  • Encryption at Rest and at Transit (available since Nov 2022)
  • Permissions + Traceability (available since Nov 2022)

Feature: Detect injection vulnerabilities in your AWS Lambdas

AWS Lambdas can be the entry point of injection attacks. SonarQube v9.9 relies on the same Sonar Taint Analyzer engine used to find injection vulnerabilities in web applications to detect if some malicious inputs are injected in the entry points of AWS Lambdas written in Python or JS/TS. Serverless and SAM frameworks are supported.

JavaScript (Community Announcement)

Python (Community Announcement)

Feature: Detect Code Quality issues in all your Python and JavaScript/TypeScript code

Finding and fixing vulnerabilities to keep your users safe is super important and it’s also important to keep your codebase squeaky clean. SonarQube v9.9 includes hundreds of rules designed to find bugs and code smells in all your Python and JS/TS projects. These same rules are executed in the context of cloud native code so ALL of your source and test code is kept in a Clean Code state

The projects making up your cloud native apps likely combine code from many popular languages used today including Java, Go and Python. In all, SonarQube v9.9 can detect quality and security issues in over 30 languages, frameworks and cloud technologies. With Sonar, you get a complete, reliable Clean Code solution for all the projects in your organization.

Feature: Detect secrets/tokens in major cloud providers

Lastly, SonarQube detects secrets and tokens accidentally left in your cloud-based code before they make it out into the wild and into malicious hands. 

Clean Code for the Win!

Join the clean code movement, be intentional with the quality of your codebase and take pride in delivering cloud native apps in a safe, sustainable way. 

Thanks for reading and happy, clean, cloud native coding!

Pick a topic to discover more: