This release is strategically focused on integrating quality and security seamlessly into the Software Development Lifecycle (SDLC), ensuring your teams can deliver secure code faster and with complete confidence.
All features are available in all SonarQube Server editions: Developer, Enterprise, and Data Center, unless otherwise stated.
Deeper workflow integration and faster feedback
We’ve reduced developer friction with faster analysis and deeper integrations into popular developer tools.
Jira Cloud integration
Establishes a secure, app-based connection between SonarQube Server and Jira Cloud, enabling a secure, one-click workflow to transform code issues into actionable Jira tickets. No more manual copy-pasting, this capability instantly turns a code issue into a trackable ticket in Jira without leaving your workflow.
Slack integration
Delivers real-time notifications for quality gate status changes (failed, or failed-to-passed) directly into Slack channels. Get instant, actionable feedback in Slack, a primary communication tool, when your quality gate fails, allowing for quicker action.
JS/TS analysis speed improvements
Optimization of the analysis engine, resulting in up to 40% faster analysis for large projects. This drastically cuts your wait time so you have a significantly faster feedback loop, leading to quicker code reviews and higher overall velocity.
New IDE quick fixes for JS/TS
58 new JavaScript and TypeScript quick fixes are available in SonarQube for IDE. This allows you to quickly remediate issues right within your IDE at the click of a button.
Issues show the rule maturity level
Surfaces BETA rule status directly in the issue view. This empowers you to triage with confidence, easily recognizing when an issue is based on an experimental rule, allowing you to make informed decisions on whether or not to act immediately on raised issues.
Improved in-product messaging
We’ve created a dynamic messaging system to communicate product updates directly within the user interface. This helps you stay informed by seeing relevant new features and updates immediately upon login.
Expanded language coverage
We’ve broadened our language coverage, enhanced analysis accuracy, and updated high-growth languages to keep up with their latest changes.
Support for Swift versions: 5.9, 5.10, 6.0 and 6.1
This release includes comprehensive support for Swift versions 5.9 through 6.1, including macros, variadic generics, and new syntax features. It also includes support for SwiftUI, Static Application Security Testing (SAST) for Swift and even secrets detection in Swift code. This allows you to write modern iOS code with drastically reduced errors and security vulnerabilities, future-proofing your development.
Support for Python 3.14
This release can find issues with Python 3.14 syntax, including the new JIT compiler and defer statement features. This allows you to quickly adopt the new language version, allowing you to use performance-oriented Python 3.14 features safely with ease.
Support for Python PyTorch Library
Uncover issues when using PyTorch to help you write efficient, error-free Machine Learning code. This provides AI/ML assurance with guidance for writing efficient PyTorch code, preventing issues that lead to misleading results or resource waste.
Shell/Bash analysis
Find and fix code quality issues in Shell/Bash scripts. This ensures codebase completeness by providing essential coverage for a language prevalent in infrastructure automation.
Expanded Apex
We’ve significantly expanded the detection of code quality and code security issues in Apex code to address enterprise coverage gaps. build robust Salesforce apps and see actionable, language-specific insights for Apex that reflect modern best practices.
Expanded Go
SonarQube can find over 40 new types of code quality rules in Go, targeting the cloud-native ecosystem. You gain cloud-native coding muscle with valuable code quality insights for this high-growth language.
Expanded Ruby
Introduces Ruby language-specific and Ruby on Rails framework-specific issue detection. This moves beyond basic code quality checks to offer genuinely valuable deep insights for Ruby developers by increasing issue detection by 50% while keeping false positive rates below 5%.
Inherent security and compliance
In this release we were laser focused on building our security and compliance coverage, including support for new industry standards, safety norms, and improved security in the software supply chain.
Support for STIG V6R3
We’ve updated the types of issues SonarQube can find to align with the latest Security Technical Implementation Guide (STIG) for Application Security and Development, Version 6 Release 3. You will receive guidance aligned with critical government security benchmarks, ensuring your code is compliant by default.
Support OWASP Top 10 2025
With updated mappings, documentation, and reporting SonarQube is now aligned with the newly released OWASP Top 10 2025 benchmark. This helps you stay ahead of web threats as the guidance you receive is aligned with the globally recognized benchmark. Available in Enterprise and Data Center editions only.
Complete MISRA C++:2023 compliance
SonarQube covers all 179 MISRA C++:2023 guidelines in SonarQube Enterprise and Data Center editions (only). You gain safety-critical confidence by accessing comprehensive, production-ready MISRA C++L:2023 code quality and safety issue detection with compliance results directly in your workflow.
Detect security misconfigurations in Bash
Detects unsafe file permissions, insecure commands, and hardcoded secrets in .sh files. This helps you secure your pipelines by automating the review of your shell scripts for critical errors.
SBOM import
Allows importing of CycloneDX and SPDX SBOMs to report vulnerabilities for arbitrary apps, containers, and C/C++. This gives you universal dependency coverage, gaining visibility into vulnerabilities within containers and third-party components that were previously opaque. Available only in SonarQube Advanced Security.
Advanced SAST refreshed for C# & Java top 1K
We’ve refreshed and optimized Advanced SAST for the Top 1,000 most used libraries in C# and Java. You receive highly relevant security findings based on deep knowledge of these often used libraries uncovering the latest security vulnerabilities so you can build robust Java and C# code. Available only in SonarQube Advanced Security.
Advanced SAST for Python top 100
Advanced SAST has been expanded to the Top 100 most used Python libraries. This ensures high-precision code security by minimizing false negatives and accurately analyzing popular Python dependencies. Available only in SonarQube Advanced Security.
Details of 2025.6 release can be found in the SonarQube Server release notes.
Ready to experience the power of SonarQube Server? Get it today and find out.