Unified Security & Reporting

We’ve reimagined the developer workspace, deepened our language intelligence to catch subtle AI-generated bugs, and unified our security reporting to give you a comprehensive view of your software supply chain risk.

Developer experience & productivity

Reduce cognitive load, minimize context switching, and leverage AI to help software developers remediate issues faster than ever.

• Redesigned navigation and workspace experience: We have overhauled the SonarQube Server user interface to provide a unified, seamless platform experience. The horizontal top menu has been replaced with an intuitive vertical sidebar and a new context switcher. This enables software developers and leaders to instantly jump between portfolios and projects without losing their place, reducing cognitive load and accelerating issue discovery.
• Model-agnostic AI CodeFix: Accelerate your issue remediation by bringing intelligent, model-agnostic AI suggestions directly into your secure self managed environment. This ensures code vulnerabilities are patched quickly while keeping your proprietary source code completely shielded from external, public LLMs.

Expanded language and framework support

We have expanded our deep static analysis to support the latest enterprise programming languages and frameworks, specifically targeting the subtle bugs that modern AI coding assistants often introduce.

• Comprehensive Java 25 support & intelligence: Future-proof your codebase with error-free parsing and deep semantic analysis for Java 25 LTS. We've added critical rules designed to catch syntactically valid but semantically broken code—often generated by AI assistants trained on outdated APIs—preventing severe runtime crashes.
• Deepened Python web frameworks: Elevate your Python applications with 14 new rules for FastAPI, 8 new rules for Flask, and dedicated rules for Django. These additions enforce strict API contracts, ensure safe framework mechanics, and prevent sensitive data leaks in query parameters.
• First-class Groovy support: Extend code quality standards to your CI/CD pipelines with over 20 new code quality rules targeting Groovy base scripts.
• Enhanced Apex support for PMD parity: Consolidate your Salesforce development tooling into SonarQube. We now provide enterprise-grade Apex analysis that achieves PMD parity with a false-positive rate of less than 5%.

Enterprise security & governance

We are providing security leaders and compliance officers with the granular controls and holistic reporting needed to manage risk across both proprietary code and third-party dependencies.

• Structured in-code issue resolution (sonar-resolve): We are bridging the gap between developer convenience and rigorous enterprise auditability. Replacing the blind "all-or-nothing" NOSONAR comment, developers can now silence specific rules using a mandatory sonar-resolve comment and resolution status (e.g., accept or fp) directly in the code, which strictly syncs with the SonarQube UI.
• Unified dependency risks in security reports: Achieve a truly holistic view of your software's security posture. For customers with SonarQube Advanced Security, our industry-standard security reports now include Software Composition Analysis (SCA) data directly in them at the project, application and portfolio levels in both the SonarQube UI and exported PDFs, combining first-party code health with third-party dependency risks. Additionally, Software Bill of Materials (SBOM) and dependency risk info has been added to the project regulatory report download.
• Advanced SAST configurations for the Python top 1K: In SonarQube Advanced Security, w cxe are massively boosting security analysis accuracy for Python by expanding our Advanced Static Application Security Testing (ASAST) to support the top 1,000 most utilized libraries out-of-the-box. This greatly reduces false negatives by ensuring our SAST engine fully tracks tainted data flowing through complex third-party dependencies.

Details of 2026.2 release can be found in the SonarQube Server release notes.

Ready to experience the power of SonarQube Server? Get it today and find out.

Consider migrating to SonarQube Cloud. With the same enterprise-grade capabilities as Server, migrating once means never having to perform another manual version update again, ensuring your team always has immediate access to our latest innovations. Contact sales to discuss migrating now.