2025.5 at a glance
Boost security & supply chain defense
- Fortify your CI/CD pipelines by detecting vulnerabilities in GitHub Actions
- Gain superior accuracy and speed for JavaScript/TypeScript security
- Secure .NET desktop apps with WPF framework vulnerability detection
Reduce developer toil and improve productivity
- Update the server without breaking your CI/CD pipeline
- Accelerate Python automated reviews with a massive performance boost
- Optimize Python serverless functions in AWS Lambda
- Maintain high quality web apps by finding more issues in Angular code
Enterprise-ready compliance & governance
- Achieve compliance with expanded support for MISRA C++:2023
- Roll out Software Composition Analysis (SCA) at your own pace
- Control your messages in global in-product announcements
Why 2025.5 matters to you
This release is a strategic update for your entire software development lifecycle, packed with features designed to solve your most pressing challenges. Here’s why this release positively impacts your team.
For development teams: code faster with uninterrupted flow
Get ready for a massive productivity boost! We're introducing game-changing non-disruptive updates, which means you can finally embrace the latest SonarQube features without the fear of an update breaking your CI/CD pipeline. Feedback of your Python code’s health is about to get dramatically shorter with a huge performance boost, letting you iterate faster than ever. For JavaScript and TypeScript developers, our new next-gen security engine is now the default and delivers more accurate, actionable security feedback directly in your workflow. Angular developers writing front-end webapps gain increased coverage, finding more issues to find common problems and encouraging modern Angular patterns. Plus, you can now build more efficient and reliable serverless applications with specialized rules for AWS Lambda in Python, and secure your front-end .NET desktop applications with new support for the WPF framework.
For security & DevSecOps teams: fortify your entire software supply chain
This release delivers a monumental leap forward in security. You can now directly fortify your CI/CD pipelines against supply-chain attacks by detecting vulnerabilities and misconfigurations in your GitHub Actions workflows. Our next-generation security engine is now the default and provides a new level of confidence for JavaScript/TypeScript security, with superior accuracy and speed that means fewer false positives and more reliable findings. We are also empowering you to onboard Software Composition Analysis (SCA) at your own pace with new granular controls, allowing for a strategic, controlled rollout across your organization without overwhelming your teams.
For platform engineering & administrators: update and govern with confidence
We've solved one of your biggest operational headaches. With non-disruptive updates, you can now manage and communicate updates effectively, giving teams proactive visibility into changes and preventing a flood of support requests from broken builds. The new controls for rolling out SCA on an instance and per-project basis give you the power to manage a strategic adoption. Furthermore, you can now streamline communication and drive action across your entire user base by transforming the global announcement banner into a powerful tool with clickable links and markdown support, guiding users directly to critical resources.
For compliance teams & engineering leadership: accelerate business goals and reduce risk
Achieve and maintain compliance with unprecedented ease and visibility. We have expanded support for the latest MISRA C++:2023 guidelines, which is critical for accelerating time-to-market for safety-critical systems in industries like automotive. You can now significantly enhance the security posture of your entire software supply chain, minimizing the risk of breaches from compromised CI/CD pipelines. This release drives direct business value by enabling cost savings on AWS finding and fixing performance issues in serverless Python Lambda functions. And lastly, it reduces organizational risk by improving the security of your entire application portfolio, from the cloud to the desktop.
Start using SonarQube Server 2025.5 now!
The 2025.5 What's New page and our SonarQube Server release notes provide more details about the release.
Are you still using an older version of SonarQube Server? If you’re on an earlier version than the 2025.1 LTA release, update to the latest LTA before moving to the current release. Check out our LTA Update Hub for useful information on how to update.