What’s new

Now, when you click into a project, you will be presented with a project health dashboard, with visual insights. This shift gives you immediate visibility into your project’s health, surfacing critical trends and metrics the moment you enter a project.

Key highlights:

• Visual-first experience: The project landing page now functions as a command center, surfacing critical metrics and trends as soon as a project is selected.
• Universal availability: This new landing page experience is live for Free, Team, and Enterprise plans.

This feature is being released in stages between now and March 8 to ensure a smooth transition for all users.

Note: while the updated overview will become the standard for all users, custom dashboards and additional dashboard views remain exclusive to the Enterprise plan.

Learn more with this Community post

SonarQube Cloud is rolling out the automatic provisioning and analysis of new GitHub repositories.

This feature is designed to eliminate the manual steps previously required to onboard new projects, ensuring consistent analysis coverage from the moment a repository is created.

Key Functional Benefits:

• Zero-touch setup: When a new repository is created in your GitHub organization, a corresponding SonarQube Cloud project is provisioned automatically.
• Day 1 analysis: The initial analysis is triggered immediately upon repository creation, providing instant feedback on the first commit.
• Improved governance: Admins no longer need to manually track or "find" new projects created by development teams; all new projects, and code, are captured by default.

Note: This is enabled by default for all new organizations. To enable it for existing Organizations: navigate to Administration > Organization Settings > Organization Binding and toggle on Auto-import new repositories.

For further details, please see the documentation and Community post.

We have expanded our accessibility (a11y) ruleset to move compliance from a late-stage bottleneck to early-stage detection. 

With 114 total rules for HTML, CSS, and JSX, SonarQube Cloud now provides:

• WCAG 2.1 A: 60% coverage (18 of 30 requirements).
• WCAG 2.1 AA: 52% coverage (26 of 50 requirements).
• WCAG 2.1 AAA: 38% coverage (30 of 78 requirements). 

This expanded coverage helps organizations proactively manage legal risk, and build inclusive products with less friction and lower costs.

Community post

You can now safely adopt the latest Microsoft language advancements with version 10.18 of our .NET analyzer.

• New language features: Full analysis for the field keyword, null-conditional assignments, expression blocks, and partial events.
• Actionable intelligence: We updated over 300 rules to eliminate false positives, ensuring your quality findings are accurate even when using new language constructs.
• Quality improvements: This update reduces the noise of incorrect alerts, making it easier to migrate your codebase to the newest runtime.

Community post

Major internal improvements to our JavaScript and TypeScript analyzers have reduced I/O overhead, significantly increasing analysis speed across projects of all sizes:

• Scalable performance: While smaller projects see immediate gains, the largest codebases benefit most, with projects of 1 million lines of code seeing analysis times drop by 40%.
• Optimized detection: A next-generation taint analysis engine improves both accuracy and speed when identifying security issues for Angular and accessibility standards.
• Consistent gains: Projects ranging from 10k to 500k lines of code see speed improvements between 17% and 22%.

Community post

We have released 14 new FastAPI rules and expanded our Flask support with 8 rules to help developers reduce their attack surface, and prevent "silent" logic errors.

• Vulnerability prevention: New rules prevent sensitive data leaks by moving credentials out of URL logs and into request bodies.
• Infrastructure hardening: Rules ensure apps are not accidentally exposed to the public internet, and that CORS headers are correctly configured.
• Reliability: Catch signature mismatches early, and ensure worker processes or route registrations do not fail silently in production.

Check out these Community posts to learn more: Fast API rules | Flask rules