What’s new

We have expanded our accessibility (a11y) ruleset to move compliance from a late-stage bottleneck to early-stage detection. 

With 114 total rules for HTML, CSS, and JSX, SonarQube Cloud now provides:

• WCAG 2.1 A: 60% coverage (18 of 30 requirements).
• WCAG 2.1 AA: 52% coverage (26 of 50 requirements).
• WCAG 2.1 AAA: 38% coverage (30 of 78 requirements). 

This expanded coverage helps organizations proactively manage legal risk, and build inclusive products with less friction and lower costs.

Community post

You can now safely adopt the latest Microsoft language advancements with version 10.18 of our .NET analyzer.

• New language features: Full analysis for the field keyword, null-conditional assignments, expression blocks, and partial events.
• Actionable intelligence: We updated over 300 rules to eliminate false positives, ensuring your quality findings are accurate even when using new language constructs.
• Quality improvements: This update reduces the noise of incorrect alerts, making it easier to migrate your codebase to the newest runtime.

Community post

Major internal improvements to our JavaScript and TypeScript analyzers have reduced I/O overhead, significantly increasing analysis speed across projects of all sizes:

• Scalable performance: While smaller projects see immediate gains, the largest codebases benefit most, with projects of 1 million lines of code seeing analysis times drop by 40%.
• Optimized detection: A next-generation taint analysis engine improves both accuracy and speed when identifying security issues for Angular and accessibility standards.
• Consistent gains: Projects ranging from 10k to 500k lines of code see speed improvements between 17% and 22%.

Community post

We have released 14 new FastAPI rules and expanded our Flask support with 8 rules to help developers reduce their attack surface, and prevent "silent" logic errors.

• Vulnerability prevention: New rules prevent sensitive data leaks by moving credentials out of URL logs and into request bodies.
• Infrastructure hardening: Rules ensure apps are not accidentally exposed to the public internet, and that CORS headers are correctly configured.
• Reliability: Catch signature mismatches early, and ensure worker processes or route registrations do not fail silently in production.

Check out these Community posts to learn more: Fast API rules | Flask rules

Stay current with the latest Java LTS using our new dedicated rules for Java 25, covering:

• Modernized concurrency: New rules for scoped values help prevent logic errors in concurrent contexts.
• Enhanced object integrity: Rules for flexible constructor bodies ensure validation logic is handled safely before object initialization.
• Cleaner modularity: Support for module import declarations promotes more readable and maintainable code in modular applications.

Discover more in this Community post

We’ve renamed the legacy Free plan in SonarQube Cloud to SonarQube for OSS. This change is now effective for all existing users currently on this plan.

This update better reflects our commitment to supporting open source projects. Users will see this new plan name reflected immediately in the Billing and upgrade tab within their organization settings.

Note: This is a naming update only. Users will see no change to their existing features, project access, or analysis capabilities.

See here for details on all our plan offerings, plus the supporting Community announcement.