SonarQube

Home

Request trial

SonarQube 10.4

latest release announcement

The SonarQube 10.4 release includes some exciting changes that show the benefit of Clean Code and the Clean as You Code methodology. Scan times are faster and connecting to SonarLint is easier. Sonar is introducing easy onboarding for GitLab, new support for Helm Charts, and much more.

Image of SonarQube 10.4

SonarQube Shows You the Benefits of Clean Code and the Clean as You Code Methodology

Pull Requests Show Issues That Will Be Fixed When Merged

Eliminate the guesswork of what you’re fixing in new code with the new view of fixed issues in a pull request.  Now you can see which issues will be resolved before merging the pull request, reducing the chance of rework due to missing issues you intended to resolve. The pull request decoration in all 4 CI platforms (GitLab, GitHub, Azure DevOps, Bitbucket) and the pull request summary in SonarQube show the issues that will be fixed upon merging the pull request.


SonarQube screen capture of a pull request summary showing fixed issues and accepted issues.

SonarQube pull request summary showing accepted issues and fixed issues categories.


SonarQube screen shot of pull request decoration with fixed issues and accepted issues

Pull request decoration in CI Platform showing fixed issues and accepted issues count.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Branch Summary Shows Issue Count And Overall Code Shows Software Quality

The branch summary has been updated to show the Clean Code Taxonomy view of a single count of issues instead of the previous categories, bringing it in line with the pull request decoration and pull request summary. The overall code tab is also changing to show software quality and a count of high, medium, and low severity issues.


SonarQube screen capture of the branch summary showing new categories in the New Code tab

SonarQube branch summary showing new code tab with new issues and accepted issues categories.


SonarQube screen capture of branch summary on the Overall Code tab

SonarQube branch summary showing the overall code tab with software quality categories that have a count of high, medium, and low issues as well as the accepted issues category.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Dismiss Issues Marked as “Accepted” And Keep Track Of How Many

Developers can now mark an issue as “accepted” instead of “won’t fix”, including clear messaging explaining how accepting the issue contributes to technical debt. SonarQube keeps track of the issues marked as accepted and shows the number of accepted issues in the branch summary and pull request decoration. The branch summary shows the number of accepted issues in new code and overall code. The pull request decoration in the DevOps CI platform of your choice displays the number of accepted issues. Clicking on the accepted issue count in any location will bring you to the list of accepted issues with details on why they are issues. Altogether, these views help development teams understand the accumulation of technical debt by accepting issues and how they counter Clean as You Code.


(see the screen captures above with the accepted issues category)


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Faster Scan Times

Scan times and bandwidth are significantly reduced because the scanner now only downloads the analyzers required for the project being analyzed based on the files and languages in the project. Previously, the scanner downloaded all the analyzers regardless of the project details.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Provision And Sync Users And Groups From GitLab

In this release, we take the first steps to support the autoconfiguration of GitLab in SonarQube, similar to the autoconfiguration addition we completed in previous releases for GitHub. In 10.4, you can provision and sync users and groups from GitLab into SonarQube, significantly reducing the time to set up and manage authenticating with GitLab.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Benefits Of Linking SonarQube And SonarLint

From an issue in SonarQube, you can jump directly to the code in your IDE to view and fix the issue, saving you time finding the issue in your code. However, if you haven’t linked SonarQube with SonarLint, the button that takes you to your IDE will not work. Now, when you click the button in SonarQube and you haven’t linked to SonarLint, SonarQube walks you through connecting to SonarLint so that you can get started fixing code. Also, new to the 10.4 release, SonarQube Enterprise Edition will download your custom secrets rules to SonarLint. SonarLint will highlight those secrets as you code, preventing them from being inadvertently pushed to your repository.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Introducing Support For Scanning Helm Charts

SonarQube now supports scanning Helm Charts for Helm-based Kubernetes deployments using the same Kubernetes rules that are applied to other YAML files.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

New Log File Shows Deprecated APIs And API Parameters

To make upgrading smoother, we added a log file containing details when you call deprecated web APIs and use deprecated web API parameters. You now get quick feedback when you use deprecated APIs and API parameters. This new log file is downloadable from the administration section in SonarQube and can be accessed directly in the file system.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

New Rule Attributes Adopt The Clean Code Taxonomy 

Attributes of new rules you create from a template have been transitioned to the new Clean Code Taxonomy. Previously, the Clean Code Taxonomy and legacy attributes were both displayed when creating rules. Now, only the Clean Code Taxonomy value is displayed when creating a rule. The templates for creating new rules contain the default mapping from the legacy attribute to the Clean Code Taxonomy value to show what Sonar advises as the new Clean Code Taxonomy value. However, you’re not required to use the default. You can set the rule to any Clean Code Taxonomy attribute you choose.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Improvements to Learn as You Code 

1,700 rules have been updated with improvements and additions to the “How can I fix it?” and “More info” sections. Important and helpful information explaining the links between code smells and more severe issues is also included.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Language Updates

JavaScript/TypeScript:

  • 18 Accessibility rules for React.js
  • Javascript/TypeScript/CSS analyzer will come bundled with the correct Node.js version, removing the need to install and update Node.js in your scanning environment.
  • End of support for NodeJS v14

Java/Kotlin:

  • 10 new rules for Spring Boot, bringing the total up to 40
  • Replicated the 30+ rules from Javax to Jakarta so that both packages now have the same coverage

C/C++

  • 12 new MISRA C++ 2023 rules
  • Detect issues in C++ macros
  • Added support for Wind River’s ccarm compiler

.NET 

  • 5 new Blazor rules
  • 30 .NET rule updates, including false positives, false negatives, and performance improvements

Python:

  • Reached 90% True Positive Rate (TPR) on top 3 Python SAST Benchmarks: DVGA, DSVW, and skf-labs-python
  • Added support for Graphene (GraphQL for Python)
  • Added support for FastAPI framework, rounding out our support of the top 3 API frameworks for Python, including Flask and Django

download the latest SonarQube version!

download nowRequest a demo