What’s new

We're introducing customizable project dashboards in SonarQube Cloud, now rolling out in beta for Enterprise plan customers.

This feature gives engineering managers, tech leads, and security champions the strategic visibility needed to:

• Monitor health: Get a single view to monitor key code health metrics.
• Identify risk: Surface project risks for quick assessment and action.
• Communicate progress: Share project status and report on code health to stakeholders.

Find the new Dashboards item in your project's main branch menu to see the built-in Project health dashboard, or start creating your own.

This feature is in beta as we build a foundation for new widgets and pre-built dashboards. 

For more information, please see the dashboards documentation and the Community post. We welcome all your thoughts, requests, and feedback on our dedicated Portal card.

Salesforce developers: we’ve just added new rules for Apex, increasing the total to 97. 

Of these new rules, 39 are active by default in the Sonar way quality profile, helping you write more maintainable and reliable code. 

Run a fresh analysis on your Apex projects to see them in action.

These new rules are currently in beta and available with the Enterprise plan. As we continue to assess their quality, your feedback is essential:

• For false positives: Please mark the issue using the dialog box and check the box to share your reasoning and the code with us.
• For general feedback: Please comment on our community forum thread.

You can see all 97 Apex rules in our rules database.

You can now restrict access to your SonarQube Cloud enterprise based on the source IP address, helping you improve security and meet compliance requirements. This feature is now available in beta to all customers on the Enterprise plan.

With IP allow lists, you can:

• Secure Access: Restrict SAML SSO authentication and personal access tokens to approved IP addresses only.
• Prevent unauthorised entry: Block unwanted or unauthorized access attempts from unknown network sources.
• Maintain control: Fully manage and define your list of permitted IP addresses or ranges.

Enterprise administrators can configure this by navigating to Administration > IP Allow List. 

For detailed examples, instructions and beta limitations, refer to our documentation, as well as this Community post.

We’ve just added 33 new rules for Ruby and Ruby on Rails, increasing the total to 75. These new rules are designed to help you write more maintainable and reliable code. Run a fresh analysis on your Ruby projects to see them in action.

These new rules are currently in "beta" as we continue to assess their quality. Your feedback is important to us as we finalize them:

• For false positives: Please mark the issue in SonarQube Cloud. In the dialog box, check the box to share your reasoning and the code with us so we can improve the rules.
• For general feedback: Please share your thoughts on our community forum thread.

You can see all 75 Ruby rules in our rules database.

Announcing a powerful new way to manage your codebase at scale: dynamic, parameter-based portfolios are now available in SonarQube Cloud Enterprise. This feature significantly simplifies getting an aggregated view of the projects you care about.

• Define portfolios using three new methods: Using project tags, organizations, or with regular expressions (RegEx) that match project keys.
• Automatic updates: Portfolios automatically add or remove projects as their tags or keys change, ensuring your view is always current without manual intervention.
• Gain an enterprise-wide perspective. Create a single portfolio that spans multiple organizations to gain a comprehensive, top-level view of specific initiatives across your entire business.

To get started, ensure you have permissions to manage Portfolios. Navigate to your Portfolios page (e.g., via “My Portfolios” from the main header) and click “Create Portfolio”. You will then see the new options to define your portfolio dynamically.

Discover more here

Ensure your CI/CD pipelines run without interruption using Scoped Organization Tokens (SOTs), a secure and scalable way to manage authentication for automated processes. Available for our Team and Enterprise plans, SOTs are not tied to individual user accounts, preventing broken builds when a team member leaves the organization.

With SOTs, you can:

• Ensure CI/CD continuity. Create tokens at the organization level, decoupled from individual users, to keep your automation running smoothly even when team members change.
• Enhance security with granular permissions. Apply the principle of least privilege by creating tokens with specific, limited scope - starting with analysis permission - to reduce your security risk.
• Simplify token management. Centrally create, view, and revoke all organization tokens from a single location, giving administrators full visibility and control.

Discover more in this blog post. For further details check out our documentation and this Community post.