What’s new

SonarQube Cloud now includes an embedded version of our Model Context Protocol (MCP) server, allowing you to connect your AI assistants to deep code insights without any local setup.

This delivers a centralized and secure way for your team to leverage AI-driven code quality and security data.

Key Functional Benefits:

• Centralized access: Enable MCP-powered insights for your entire development team through a single, managed cloud entry point. This ensures a consistent experience across the organization without per-user configuration.
• Docker-free deployment: Eliminate the friction of local software requirements. The embedded server is the ideal solution for secure enterprise environments where corporate policies or hardware constraints prevent developers from running Docker locally.
• Seamless AI connectivity: Securely bridge your preferred AI tools—such as GitHub Copilot, Claude, or other LLMs—to SonarQube insights with zero local overhead.

For further details, please see the documentation and blog post.

Architecture management in SonarQube Cloud automatically discovers your current structure, allowing your team to define intended designs and resolve deviations directly within your existing workflow.

It provides a living structural map that governs both developer and AI development, enforcing architectural integrity directly within your workflow with:

Evergreen visual maps: Automatically create a real-time visual structure map of your project's actual architecture that updates with every scan.

Prevent architectural drift: Define your intended architecture and receive immediate feedback in Quality Gates when code violates structural design.

Accelerate onboarding: Provide new developers with an instant, navigable view of the system.

In-workflow resolution: Empower developers to fix structural debt as they code, avoiding costly future rewrites and keeping innovation on track.

How to activate: Visit the Architecture tab within your project settings to begin the four-stage process: discover, formalize, prioritize, and fix.

Check out this Community post and documentation for more information.

Now, when you click into a project, you will be presented with a project health dashboard, with visual insights. This shift gives you immediate visibility into your project’s health, surfacing critical trends and metrics the moment you enter a project.

Key highlights:

• Visual-first experience: The project landing page now functions as a command center, surfacing critical metrics and trends as soon as a project is selected.
• Universal availability: This new landing page experience is live for Free, Team, and Enterprise plans.

This feature is being released in stages between now and March 8 to ensure a smooth transition for all users.

Note: while the updated overview will become the standard for all users, custom dashboards and additional dashboard views remain exclusive to the Enterprise plan.

Learn more with this Community post

SonarQube Cloud has launched the automatic provisioning and analysis of new GitHub repositories.

This feature is designed to eliminate the manual steps previously required to onboard new projects, ensuring consistent analysis coverage from the moment a repository is created.

Key Functional Benefits:

• Zero-touch setup: When a new repository is created in your GitHub organization, a corresponding SonarQube Cloud project is provisioned automatically.
• Day 1 analysis: The initial analysis is triggered upon repository creation, providing instant feedback on the first commit.
• Improved governance: Admins no longer need to manually track or "find" new projects created by development teams; all new projects, and code, are captured by default.

Note: This is enabled by default for all new organizations. To enable it for existing Organizations: navigate to Administration > Organization Settings > Organization Binding and toggle on Auto-import new repositories.

For further details, please see the documentation, video and Community post.

We have expanded our accessibility (a11y) ruleset to move compliance from a late-stage bottleneck to early-stage detection. 

With 114 total rules for HTML, CSS, and JSX, SonarQube Cloud now provides:

• WCAG 2.1 A: 60% coverage (18 of 30 requirements).
• WCAG 2.1 AA: 52% coverage (26 of 50 requirements).
• WCAG 2.1 AAA: 38% coverage (30 of 78 requirements). 

This expanded coverage helps organizations proactively manage legal risk, and build inclusive products with less friction and lower costs.

Community post

You can now safely adopt the latest Microsoft language advancements with version 10.18 of our .NET analyzer.

• New language features: Full analysis for the field keyword, null-conditional assignments, expression blocks, and partial events.
• Actionable intelligence: We updated over 300 rules to eliminate false positives, ensuring your quality findings are accurate even when using new language constructs.
• Quality improvements: This update reduces the noise of incorrect alerts, making it easier to migrate your codebase to the newest runtime.

Community post