What’s new

Advanced Security is now generally available as a subscription for the Enterprise plan. Secure your software supply chain by identifying vulnerabilities in both your own code and its third-party open source dependencies, all within your existing workflow.

Advanced Security builds on SonarQube Cloud’s existing security features to provide even more comprehensive protection:

• Discover vulnerabilities in your dependencies. Automatically detect known vulnerabilities (CVEs) and license compliance issues in your third-party open source libraries with Software Composition Analysis (SCA).
• Uncover complex security hotspots. Find deeper vulnerabilities that arise from the interaction between your code and open source library code with advanced SAST.
• Streamline your security workflow. Analyze your entire codebase—first-party, third-party, and AI-generated—in one place, reducing tool sprawl and keeping developers in their flow.

Learn more in this blog post, and Community post.

Receive real-time notifications on your analysis results directly in Slack, helping your team shorten its feedback loop and act on issues faster.

With this integration, you can:

• Get instant Quality Gate updates. Receive notifications when your main branch's Quality Gate changes state.
• Reduce context switching. Act on findings with rich context directly from your Slack workspace, without checking email.
• Connect in seconds. Search for the SonarQube Cloud app in Slack to add it to your workspace and configure project notifications

Discover more here

Directly transform SonarQube findings into Jira tickets in seconds. Our new integration bridges the gap between code analysis and project management, eliminating context switching for your team and streamlining your workflow.

With this integration, you can:

• Create Jira tickets directly from SonarQube. Push a single finding or group multiple issues into one work item.
• Gain instant release readiness insights. The new Jira release widget on your main branch displays information on your upcoming Jira versions at a glance.
• Connect projects effortlessly. Securely bind your SonarQube organization and projects to your Jira Cloud instance.

Get started by having an administrator connect your SonarQube organization to your Jira Cloud instance from the organization's administration settings.

For detailed setup instructions and to explore all new features, refer to our Community post and documentation.

Instantly get a high-level overview of your portfolio's health with the new one-click PDF report. It’s the perfect way to share key code quality metrics with your team and managers.

The report provides an aggregated view of your security, reliability, and maintainability ratings, along with metrics for coverage and duplication on both new and overall code. For deeper analysis, interactive links take you directly from the PDF to your SonarQube Cloud portfolio.

Find the "Download as PDF" button on your Portfolio Overview page. 

For how to access the report, and to see what's inside, check out the Community post.

For Enterprise plan users needing standardized, verifiable code health reports, SonarQube Cloud now offers easily downloadable regulatory reports.

The single .zip file contains:

• Regulatory report summary (PDF)
  • Overview of project's Quality Gate status, new code metrics, and overall code health, ready for presentation.
• Detailed findings (CSV files)
  • Comprehensive reports on open and resolved findings across Security, Reliability, and Maintainability issue types for both new and overall code.
• Configuration and analysis details (CSV & TXT files)
  • Details on Quality Gate conditions, Quality Profile rules, and analysis parameters for complete transparency.

This new feature enables teams to produce trusted, verifiable code quality reports, supporting compliance, governance, and traceability.

Generate your regulatory report by accessing the option via your project’s information page or via the branch summary overview.

Learn more, and view screenshots in our Community post.

We're excited to announce a significant update to SonarQube Cloud's secret detection. To deliver even stronger security coverage for your projects, we've introduced 89 new rules (active by default). This significantly boosts secret detection capabilities.

Your projects now benefit from over 400 distinct secret patterns, powered by a total of 346 rules.

Dive deeper into the details in our Community post.