What’s new

SonarQube Cloud Enterprise now lets organization administrators verify ownership of their corporate email domain directly within the SSO setup wizard — no support contact required.

Verification immediately removes login friction for your team: once your domain is verified, SonarQube Cloud trusts the identity authenticated by your Identity Provider and skips redundant OTP prompts for users on that domain. It also establishes the foundation for upcoming corporate security policy enforcement across all users under your domain.

What's new:

• Domain verification in the SSO wizard: A dedicated domain verification step is now built into the SSO configuration flow, giving you a clear, self-serve path to register and prove ownership of your corporate domain.
• OTP prompts skipped for verified domains: Users no longer encounter extra one-time password steps during post-login actions. SonarQube Cloud implicitly trusts identities authenticated by your IdP for verified domains.
• Fully self-serve: Domain-level trust settings are managed directly from your admin console — no need to contact support.
• Foundation for future policy enforcement: Completing domain verification today prepares your organization for upcoming controls that will govern identity and access policies across all users under your corporate domain.

Where to find it: Go to Administration > Authentication / SSO in your organization settings, and follow the Domain Verification step in the setup wizard.

For more details, see the documentation and the Community post.

You can now bulk import projects from a GitLab group into SonarQube Cloud, letting you import multiple GitLab projects in a single step and giving your teams code quality and security coverage across multiple projects at once.

• Import at scale – bulk-import all existing projects within a GitLab group (including subgroups) instead of setting up each project individually.
• See a clear summary of imported projects and anything that needs attention before you finalize.

If you manage many GitLab groups, you can run bulk import per group to quickly cover your entire GitLab footprint.

We invite you to discover more here.

SonarQube Cloud Enterprise now supports OIDC-based Single Sign-On (SSO). 

This integration enables organizations to delegate authentication to a central Identity Provider (IdP), ensuring that access to SonarQube Cloud aligns with corporate security standards and governance requirements.

Key capabilities:

Protocol support: Full compatibility with OpenID Connect (OIDC) standards for identity federation.

Security policy enforcement: Automatically apply IdP-level controls, including Multi-Factor Authentication (MFA), Conditional Access policies, and specific session duration limits.

IdP compatibility: Support for major OIDC-compliant providers such as Okta.

Lifecycle management: Centralize user provisioning and de-provisioning. Access to SonarQube Cloud is governed by the user’s status within the corporate directory, ensuring immediate access revocation upon offboarding.

Simplified authentication: Users authenticate via their existing corporate identity, reducing credential sprawl and administrative overhead.

For more information, please refer to this Community post

Architecture management in SonarQube Cloud now automatically discovers your current architecture without automation in your CI/CD pipeline, allowing your team to define intended architecture and resolve architectural deviations directly within your existing workflow.

It provides an interactive, living architecture map that enforces architectural integrity natively as you code.

• Automatic scans: Connect directly to your repository and trigger automatic architecture analysis on every branch and PR, bypassing the need for automation configuration in your CI/CD pipeline.
• Interactive architecture map: Generate a real-time visual representation of component relationships, coupling, and cohesion produced directly from your code, rather than relying on stale documentation.
• Continuous enforcement loop: Define your intended architecture, intended relationships, and receive immediate feedback when code deviates from your intended architecture.
• Language support: Available out-of-the-box for repositories utilizing Java, JavaScript, TypeScript, Python, and C#.

How to activate: Available now on SonarQube Cloud in all plans for all projects using automatic analysis. Visit the Architecture tab within your project settings to view your interactive architecture map. No other configuration is necessary.

Check out the Community post for further information.

The development of safety-critical systems, such as ADAS and medical devices, increasingly requires the efficiency of modern C++17. To support this need, we have released complete support for the MISRA C++:2023 standard in SonarQube Cloud. 

SonarQube Enterprise plan now provides 100% coverage of all 179 MISRA C++:2023 guidelines, which define a safe subset of the C++17 language for building mission-critical apps.

Feature Details:

• Compliant C++17 adoption: Developers can safely use modern C++17 features, ensuring that syntax like structured bindings strictly conforms to all 179 MISRA C++:2023 guidelines.
• "Start left" IDE integration: SonarQube surfaces compliance checking directly within the developer's IDE. This provides immediate feedback on guideline violations, allowing developers to resolve non-compliant code locally prior to commit.
• Automated pipeline enforcement: MISRA compliance checks integrate directly into your CI/CD workflow. SonarQube automatically verifies every branch and pull request, guaranteeing that all code—including AI-generated implementations—meets the specified safety standards before merging.
• Unmatched Precision: Enjoy industry-leading, low false-positive rates so you can focus only on genuine safety concerns.

Availability: Support for MISRA C++:2023 compliance checking is available immediately for users with the SonarQube Cloud Enterprise plan.

Check out the Community post and this webpage for further details.

Introducing customizable portfolio dashboards in SonarQube Cloud, now rolling out in beta for Enterprise plan customers.

This feature provides engineering leaders with a high-level source of truth by aggregating health metrics across hundreds or thousands of projects, curated into a portfolio. Use these dashboards to:

• Aggregate health: Get a consolidated view of key metrics—reliability, security, maintainability, and coverage—across your entire portfolio.
• Visualize trends: Use a library of drag-and-drop widgets, including historical line graphs and donut charts, to track collective progress.
• Curate visibility: Build and save custom dashboards tailored to specific organizational goals or stakeholder needs.

Find the new dashboards item in your portfolio’s sidebar menu to see the built-in health view, or start creating your own.

This feature is in beta as we continue to expand our library of widgets and pre-built views.

For more information, please see the dashboards documentation and the Community post.