What’s new

To help keep your ASP.NET Core MVC, Razor, and Blazor applications clean, SonarQube Cloud has introduced support for analysis of .cshtml and .razor files in .NET projects. 

For further information and a list of rules, please refer to this Community announcement.

SonarQube Cloud can now detect 67 secret patterns across 29 cloud providers. 

Leveraging a new Sonar open-source secret detection engine, SonarQube Cloud delivers a powerful approach to identify potential security vulnerabilities related to secrets and sensitive information.

For further information, and a list of rules, please refer to this Community announcement.

SonarQube Cloud now supports the scanning of AzureResourceManager templates and Bicep files with the introduction of 12 dedicated rules specifically designed to avoid security misconfiguration.

For further information, and a list of rules, please refer to this Community announcement.

We are pleased to announce the release of Automatic Analysis for C and C++ projects!

Available for all GitHub users, a one-click analysis is possible, removing the need to configure a CI-based analysis. Saving considerable time and effort, Automatic Analysis is free for public projects.

SonarQube Cloud now supports Automatic Analysis for 21 languages, including (C, C++, Java, JavaScript, TypeScript, Python, and C#).

For further information, please refer to the SonarQube Cloud documentation and this Community announcement.

We have introduced a new mandatory step during project onboarding as part of the Sonar Clean as You Code (CaYC) methodology. Intended to help teams focus on the most relevant issues, now when adding a new project from the SonarQube Cloud UI you will be asked to select a New Code Definition (NCD). The organization's default NCD will be proposed if compatible with the CaYC methodology.

For further information, please refer to this Community announcement.

Please note that, following the deprecation of Java 11, the support for Java 11 as a runtime environment for the Sonar scanners will end on 31st October 2023. We encourage you to migrate your scan pipelines to at least Java 17 as soon as possible. 

It’s important to clarify that this does not affect the Java version targeted by your project code.  It relates only to the JDK or JRE that is installed and used when running the SonarQube Cloud scanner analysis tool. You can still scan Java 11 projects.

For further information, please refer to the SonarQube Cloud documentation and the Community announcement.