What’s new

As part of our ongoing commitment to enhancing security and enabling more controlled network access, we are introducing support for static IPs for outgoing calls to supported DevOps platforms such as GitHub, GitLab, Azure DevOps Services, and BitBucket Cloud. 

This feature empowers organizations to whitelist specific static IPs, adding an additional layer of security to restrict traffic sources that can access their resources. 

The list of IP addresses is as follows (and documented here):

• 3.122.211.192
• 35.158.229.250
• 18.196.105.168
• 3.68.134.44
• 3.74.220.70
• 3.74.69.101

In addition, we have added those addresses to our SonarQube Cloud GitHub App, so they will be automatically applied if you have selected the “Enable IP allow list configuration for installed GitHub Apps” option for your GitHub organization.

For additional questions please visit this Community announcement.

SonarQube Cloud now benefits from new rules to help you write more intentional and consistent Dockerfiles, covering Reliability and Maintainability.

For further information and a full list of rules, please refer to this Community announcement.

SonarQube Cloud can now detect 110 secret patterns across 60 cloud providers. 

Leveraging 60 rules, together with SonarQube for IDE in the IDE, this represents a powerful combination for detecting and fixing issues.

For further information and a list of rules, please refer to this Community announcement.

To help keep your ASP.NET Core MVC, Razor, and Blazor applications clean, SonarQube Cloud has introduced support for analysis of .cshtml and .razor files in .NET projects. 

For further information and a list of rules, please refer to this Community announcement.

SonarQube Cloud can now detect 67 secret patterns across 29 cloud providers. 

Leveraging a new Sonar open-source secret detection engine, SonarQube Cloud delivers a powerful approach to identify potential security vulnerabilities related to secrets and sensitive information.

For further information, and a list of rules, please refer to this Community announcement.

SonarQube Cloud now supports the scanning of AzureResourceManager templates and Bicep files with the introduction of 12 dedicated rules specifically designed to avoid security misconfiguration.

For further information, and a list of rules, please refer to this Community announcement.