What’s new

Instantly get a high-level overview of your portfolio's health with the new one-click PDF report. It’s the perfect way to share key code quality metrics with your team and managers.

The report provides an aggregated view of your security, reliability, and maintainability ratings, along with metrics for coverage and duplication on both new and overall code. For deeper analysis, interactive links take you directly from the PDF to your SonarQube Cloud portfolio.

Find the "Download as PDF" button on your Portfolio Overview page. 

For how to access the report, and to see what's inside, check out the Community post.

For Enterprise plan users needing standardized, verifiable code health reports, SonarQube Cloud now offers easily downloadable regulatory reports.

The single .zip file contains:

• Regulatory report summary (PDF)
  • Overview of project's Quality Gate status, new code metrics, and overall code health, ready for presentation.
• Detailed findings (CSV files)
  • Comprehensive reports on open and resolved findings across Security, Reliability, and Maintainability issue types for both new and overall code.
• Configuration and analysis details (CSV & TXT files)
  • Details on Quality Gate conditions, Quality Profile rules, and analysis parameters for complete transparency.

This new feature enables teams to produce trusted, verifiable code quality reports, supporting compliance, governance, and traceability.

Generate your regulatory report by accessing the option via your project’s information page or via the branch summary overview.

Learn more, and view screenshots in our Community post.

We're excited to announce a significant update to SonarQube Cloud's secret detection. To deliver even stronger security coverage for your projects, we've introduced 89 new rules (active by default). This significantly boosts secret detection capabilities.

Your projects now benefit from over 400 distinct secret patterns, powered by a total of 346 rules.

Dive deeper into the details in our Community post.

SonarQube Cloud now supports taint analysis for Go, enabling you to detect injection vulnerabilities in your Go projects. 

Find supported injection rules here, with a complete list of Go security rules here.

Learn more in this Community post.

Enterprise plan users can now benefit from a streamlined setup flow for their SSO. 

Includes:

• A step-by-step configuration assistant
• Automatic configuration option with Metadata
• Connection validation step to eliminate misconfigurations

Learn more in this Community post, and SonarQube Cloud documentation.

Enterprise plan users can now directly generate and download Project Security report PDFs for their projects:

• Generate a detailed PDF security report for any project, capturing its overall security status.
• Customize the report by selecting the specific security standards you want to include, such as Sonar, OWASP Top 10 2021, CWE, and more.
• Surface actionable insights including:
  • An overview page that highlights 'Accepted' security issues and 'To Review' security hotspots.
  • A detailed breakdown of security issues by severity for each standard.
  • A summary of issues to address and hotspots to review, categorized by standard.

Learn more in this Community post and SonarQube Cloud documentation.