What’s new
Discover the latest features released in SonarQube Cloud
July 16, 2025
SonarQube Cloud now detects over 400 secret patterns
We're excited to announce a significant update to SonarQube Cloud's secret detection. To deliver even stronger security coverage for your projects, we've introduced 89 new rules (active by default). This significantly boosts secret detection capabilities.
Your projects now benefit from over 400 distinct secret patterns, powered by a total of 346 rules.
Dive deeper into the details in our Community post.
July 09, 2025
Detecting injection vulnerabilities in Go projects
SonarQube Cloud now supports taint analysis for Go, enabling you to detect injection vulnerabilities in your Go projects.
Find supported injection rules here, with a complete list of Go security rules here.
Learn more in this Community post.
July 08, 2025
Enhanced Single Sign On (SSO)
Enterprise plan users can now benefit from a streamlined setup flow for their SSO.
Includes:
- A step-by-step configuration assistant
- Automatic configuration option with Metadata
- Connection validation step to eliminate misconfigurations
Learn more in this Community post, and SonarQube Cloud documentation.
June 27, 2025
Project Security report downloadable PDFs now available for Enterprise users.
Enterprise plan users can now directly generate and download Project Security report PDFs for their projects:
- Generate a detailed PDF security report for any project, capturing its overall security status.
- Customize the report by selecting the specific security standards you want to include, such as Sonar, OWASP Top 10 2021, CWE, and more.
- Surface actionable insights including:
- An overview page that highlights 'Accepted' security issues and 'To Review' security hotspots.
- A detailed breakdown of security issues by severity for each standard.
- A summary of issues to address and hotspots to review, categorized by standard.
Learn more in this Community post and SonarQube Cloud documentation.
June 10, 2025
SonarQube Cloud now analyzes “dotfiles” for secrets.
Secret detection capabilities have been enhanced. The updated analysis engine now scans dotfiles and files within dot paths for leaked secrets.
These files and paths, such as .env, .credentials, .npmrc, and .github/workflows, are frequently used to store sensitive information like API keys, passwords, and other credentials. The improved analysis can, for example, detect credentials in .env files, and GitHub tokens in .gitconfig files. This helps developers keep their code secure and prevent the exposure of sensitive information.
It is recommended to run a fresh analysis on projects to benefit from this enhanced level of protection.
Additional details can be found in the Community post.
June 05, 2025
Announcing Sonar Dataflow Bug Detection (DBD) engine 2.0 - Enhanced bug detection for Java and Python code.
Sonar Dataflow Bug Detection (DBD) engine 2.0 has been released, providing more precise bug detection. This update notably improves bug detection for Java and Python code, both human and AI-generated, resulting in more relevant findings.
Initial results, documented in a blog post, show a significant increase in true positives and a decrease in false positives.
Additional details can be found in the Community post.
Get quick and insightful SonarQube Cloud updates delivered directly to your inbox
SonarQube Cloud product news shares the most important product updates and the latest helpful content, allowing you to get the most out of your SonarQube Cloud plan.