New Rules for MISRA C++ 2023
SonarQube's new MISRA C++ 2023 rules include 43 rules aligned with MISRA guidelines, all selectable in your Quality Profile. From SonarLint in your IDE to SonarQube 10.2 and SonarCloud, achieve higher confidence with comprehensive safety compliance.
Available in Developer Edition | Enterprise Edition | Data Center Edition
SonarQube Security Enhancements
In addition to incorporating the security guidelines defined by MISRA (Motor Industry Software Reliability Association), SonarQube 10.2 release is packed with other features designed to enhance code security and quality.
Security analysis now integrated into GitLab dashboards
Enhance your workflow with SonarQube's latest feature that makes security issues natively visible in your GitLab dashboard. When your SonarQube instance is configured with GitLab, vulnerability issues are automatically synced from SonarQube to GitLab. Simply navigate to "GitLab > Vulnerability Report" to see the results post-SonarQube scan. For users of the Community Edition, vulnerability issues are displayed for the main branch, while Developer+ editions extend this feature across all branches.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Enhanced cloud secret detection
Amplify code security with Sonar's newly expanded cloud secrets detection feature. Now capable of identifying secrets across 29 cloud services, SonarQube detects a comprehensive range of more than 60 secrets and tokens. For security teams and developers alike, this expanded capability fortifies your codebase against potential vulnerabilities while also assisting with compliance requirements.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Detect Security Misconfigurations in Microsoft Bicep-Generated ARM Templates
Level up your Azure development workflow with Sonar's new rules to identify security misconfigurations in Azure Resource Manager (ARM) templates created via Microsoft Bicep. With the addition of targeted rules, you can now catch these issues right in your ARM templates. This feature offers an extra layer of security, making your Azure deployments more resilient against vulnerabilities.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Advanced Support for PHP Super-Global Arrays
Elevate your PHP development and security analysis with SonarSecurity's improved support for PHP super-global arrays. This update increases the precision of our PHP analysis, effectively reducing false negatives. For developers, this means more accurate code assessments, and for security teams, an added layer of trust in the code's security integrity.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Streamlined Permission Synchronization from GitHub
Streamline your administrative tasks with SonarQube's enhanced capability for synchronizing project permissions directly from GitHub. Eliminate cumbersome configurations or custom automation to align your SonarQube projects with your GitHub repository permissions. With this feature, admins can effortlessly maintain consistent levels of access across both platforms, simplifying the process of project permission management in SonarQube.
Available in Developer Edition | Enterprise Edition | Data Center Edition
SonarQube 10.2 Operational improvements
Minimizing Reindexing Disruptions Post-Upgrade
Upgrade your SonarQube instance without missing a beat in your development cycle. Our latest enhancement ensures that developers and administrators gain immediate access to projects and analysis results as soon as the SonarQube UI is available post-upgrade or disaster recovery. By optimizing the reindexing process, this feature eliminates workflow disruptions and reduces downtime, allowing your development and administrative tasks to continue seamlessly.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Flexible Main Branch Designation
For teams utilizing the SonarQube’s Developer Edition or higher, changing your project's main branch is now a seamless affair, complete with preserved history. This feature especially benefits those not reliant on DevOps platforms for project onboarding but who prefer automation for project creation. Administrators can now effortlessly pivot the project’s focus by designating a different, existing branch as the main one, all without losing any of the attached historical data. Meanwhile, developers will appreciate the flexibility and continuity this brings, as they can shift their efforts to the newly designated main branch without worrying about the loss of valuable insights from previous analyses.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Accelerate Fixes and Learning with New Rule Format
As part of our ongoing commitment to education, we continue to expand rules to take advantage of the Learn as You Code (LaYC) methodology. This means that you will find even more rules enhanced to help you understand why the issue matters (the 'Why is this an issue?' tab) and how to fix it ('How do I fix it?'). You can also grow as an engineer through a range of blog posts, standards documentation, and coding principles in these rules (the 'more info' tab).
This, together with enhanced highlighting of code examples, makes it faster for you to fix the most important issues today and avoid these and other issues in the future, all while growing your mastery of Clean Code.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Enhanced Synchronization between SonarLint and SonarQube
Experience greater control over your code analysis with the enhanced synchronization features between SonarLint and SonarQube. Now, before SonarQube completes its analysis, you can mute issues directly within your VS Code environment via SonarLint. As a developer, this enables you to classify an issue as either "Won't Fix" or "False Positive," streamlining the review process by preventing these tagged issues from reappearing in your IDE and from being flagged for your team once the SonarQube analysis is finalized. This enhancement is a valuable time-saver, offering both individual developers and collaborative teams a more efficient, clutter-free coding and review experience.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Clean Code Taxonomy UI Integration
Elevate your code quality management with our latest UI updates on the Issues and Rules pages, which now include a comprehensive integration of the new Clean Code taxonomy. This update aims to provide more nuanced insights into your code, facilitating both individual and team-level improvements.
As a developer, you'll find each issue classified not only by its severity—now represented as Low, Medium, or High based on software qualities—but also by Clean Code attributes. This is the first in a series of updates aimed at aligning our interface and categorizations with the new Clean Code taxonomy, offering you a more detailed and meaningful understanding of your code's quality and areas for improvement.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Modernized UI and UX updates Across SonarQube
Enhance your SonarQube experience with our sleek UI and UX updates now available in project, project onboarding, and application spaces. Adopting the signature Sonar design system and a refreshed visual identity, these updates provide a unified and modern experience that aligns seamlessly with SonarCloud.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Language Updates
Python:
- Faster incremental analysis for Python
- Generate stubs for known typed Python libraries available on PyPI
- Added valuable Core Python rules
Java/Kotlin:
- Support of Gradle Kotlin DSL + 7 dedicated rules for writing well architected and easily maintainable Java code
PHP
- Faster incremental analysis for PHP
IaC
- Improved support of Azure Resource Manager (ARM)
- Detect security misconfiguration on Microsoft Bicep
.NET
- Set of 9 new rules for DateTime
- Almost all developers use date and times in their applications and their misuse is one of the most common bugs particularly when timezones are involved.
AcuCOBOL
- Improved support for AcuCOBOL
- Parser and Preprocessor improvements