Start your free trial

Today, we are unveiling our most significant leap forward to date. We’ve spent the last year building out a platform specifically for the AI-native developer workflow to help your teams reach their full potential by closing the verification gap, ensuring every line of code is secure, healthy, and production-ready.

AI and agentic tools have permanently changed software development. They are accelerating the pace of code creation, but 96% of developers mistrust the accuracy of AI-generated code. As a result, development teams have shifted their attention from "how do we write more code" to "how do we trust the code we’re shipping." This Long-Term Active (LTA) release packages a year of breakthrough innovation into a single, hardened version, providing the stability and deep analysis required to turn AI-generated volume into a sustainable advantage.

Here is a quick view of the more exciting enhancements Sonar delivered in 2025 along with some net new features packaged together in the 2026.1 LTA release of SonarQube Server.

Ready for the AI and agentic SDLC

SonarQube Server’s new AI-native IDE integrations with Claude Code, Cursor, Windsurf, and Gemini solve the code verification bottleneck by bringing deep code intelligence directly into the modern developer workflow. By connecting your instance to the SonarQube MCP Server, AI agents can now query for code quality and security insights to ensure AI-generated code is production-ready. Accelerate issue remediation while maintaining complete data privacy with AI CodeFix in SonarQube, including directly in the IDE. By allowing organizations to "bring your own model" via Azure OpenAI, SonarQube provides automated AI-driven fix suggestions without sending code to external third parties. Together these AI forward looking coding capabilities bring you up to speed with how teams are developing in the new AI-native developer world.

Significantly enhanced code security

Strengthen your software supply chain with Advanced Security, including Software Composition Analysis (SCA), SBOM dependency reporting, and advanced SAST across all major languages: Java, Python, C#, and more, plus newly added SCA support for C and C++. The 2026.1 LTA release introduces proactive malicious package detection and updated advanced SAST for the top Java, C#, and Python libraries to provide highly relevant security findings. SonarQube’s secrets detection is now best in class with the ability to detect over 400 secrets patterns. By bringing dependency security risks directly into the IDE and identifying pipeline misconfigurations in GitHub Actions and Shell/Bash, SonarQube supports "security by design" across your entire CI workflow.

Dependable code quality

Drive engineering velocity with smarter analysis engines that understand complex code structures and intent. Python developers benefit from faster analysis and help creating more maintainable and performant code, while Java analysis now detects deep-seated bugs like null-dereferences across multiple function calls. With up to 50% faster analysis for JavaScript, TypeScript, Python and Kotlin analysis, teams take less time fixing issues and can focus more of their attention on delivering innovative features.

Expanded standards compliance

Automate adherence to global safety and security mandates to eliminate manual bottlenecks. The 2026.1 LTA release provides complete coverage of the MISRA C++:2023 standard, enabling safety-critical development for automotive, medical, and aerospace industries directly within the IDE. Over the last year, we’ve added reports for CWE Top 25 2024, OWASP Mobile Top 10, OWASP Top 10 2025, and STIG V6R3. Also new for the 2026.1 release, SonarQube includes reports for OWASP MASVS and the OWASP Top 10 for LLM standards, ensuring mobile and AI-powered applications meet the highest security benchmarks.

Broader language coverage

SonarQube continues to expand its reach to support modern enterprise tech stacks, including the introduction of full analysis for Rust and comprehensive support for Swift 5.9–6.2. The 2026.1 LTA release adds full compatibility for the latest language versions, such as C#14, .NET 10, Python 3.14, Java 22/23/24, and Dart 3.8, alongside expanded coverage for AI/ML frameworks like PyTorch and PySpark. Improved visibility into .NET test results and support for Jupyter Notebooks in PyTorch ensures that quality standards are maintained across every corner of the organization.

Deeper DevOps integrations

Optimize platform engineering with deeper toolchain connectivity. The new JFrog integration for evidence collection, code health status updates in Slack, and pushing SonarQube issues and status updates into Jira tickets allow software development teams to manage code quality and security as a seamless part of their existing everyday workflow.

Optimized platform operations

Performing updates to the latest version is smoother than ever because newly discovered issues as a result of the changed rules in the update are placed in a sandbox before they cause your quality gates to fail. Plus SonarQube Server can run in IPv6 only environments and deliver custom in-app product news to your teams.

Update to the 2026.1 LTA today

SonarQube Server 2026.1 LTA is built to support developers and generative AI tools as they work in synergy. It is the essential verification layer for any organization looking to move fast without sacrificing code health. Update your instance to the latest LTA today, or check out more details on the What’s New page and our detailed LTA release documentation.

Are you still using an older version of SonarQube Server?

If you’re on a version older than 2025.1, update to SonarQube Server 2025.1 LTA before updating to the latest 2026.1 LTA. Check out our LTA Update Hub on useful tips to make your update go smoothly. 

Register for the LTA Webinar

Join our live webinar on Feb. 18th at 10:00 AM CST where we will walk you through all the great stuff in the 2026.1 LTA release.