SonarQube Server

Home

Request trial

SonarQube 10.7

latest release announcement

Sonar introduces powerful AI-driven features, expanded support for new and existing languages and frameworks, deeper security, and two newly added compliance standards, all to elevate your code quality. These updates bring significant advancements for developers and teams, from improved integrations to deployment flexibility.

New AI Capabilities

Clean, Secure AI-generated Code

New in SonarQube Server 10.7, Sonar AI Code Assurance is a robust and streamlined process for validating AI-generated code through a structured and comprehensive analysis. Developers can easily identify and tag projects containing AI-generated code, initiating the Sonar AI Code Assurance workflow. This ensures that every new piece of code meets the highest quality and security standards before it moves to production.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Quickly and Immediately Fix Found Issues

You will get free early access to Sonar AI CodeFix, a powerful new capability that suggests code fixes for issues discovered by SonarQube Server. With just one click, you can now receive suggestions on resolving a range of issues, streamlining the issue resolution process. By automating the resolution of common coding problems, Sonar AI CodeFix significantly boosts developer speed and productivity.


Available in Enterprise Edition | Data Center Edition

Powerful Security Updates

New STIG and CASA Security Reports

IIn this release, we expand our support for catching security issues defined in common security standards and reporting on them. We have included coverage of the Defense Information Systems Agency’s Security Technical Implementation Guide (STIG) and The Defence Alliance’s Cloud Application Security Assessment (CASA). You can generate a STIG and a CASA security report for use in helping prove your company complies with the STIG and CASA standards.


Available in Enterprise Edition | Data Center Edition

Advanced Security for the Spring Framework

To help better understand how well a static code analysis tool handles security for developer frameworks, Sonar has devised a system to evaluate and rate security coverage for a specific developer framework. This system consists of a set of 45 security KPIs and a method for evaluating the KPIs and ranking coverage of the framework at four distinct levels: minimal coverage, standard coverage, advanced coverage, and complete coverage. Sonar is very proud to announce that in the SonarQube Server 10.7 release, we’ve elevated our security coverage of the Spring Framework to 92%, earning a “complete coverage” score. Java developers leveraging the Spring Framework can rest assured that SonarQube Server is one of the most comprehensive and advanced static application security testing (SAST) tools with over 200 rules for the popular Java framework. SonarQube Server will help developers ensure that their Spring-based applications run smoothly and have few to no security vulnerabilities.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Secrets Detection Includes More Patterns and Cloud Services

Now, with 90 RegEx rules covering 146 secrets patterns, SonarQube Server’s secrets detection solution is more powerful than ever. This addition adds over 30 new secrets patterns, resulting in the detection of secrets/tokens generated by 81 cloud services and over 1000 APIs with password or token arguments.


Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition

Newly Supported Languages and Libraries

Analyze Dart/Flutter Apps

Our developer community spoke, and we listened! Dart has been the most requested new language to include, and now it’s finally here. This early access is just the beginning. With 76 new rules for Dart and much more to come in future releases, SonarQube Server detects a dozen bugs and over 60 issues that lead to technical debt. Get started analyzing Dart code and avoid the most common issues that plague Flutter apps. Learn more about Sonar’s coverage of Dart/Flutter.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Analyze Jupyter Notebooks and PyTorch Code

PyTorch is one of the most widely used machine-learning libraries for Python. With new rules for PyTorch, SonarQube Server covers the leading AI and ML Python libraries, including TensorFlow, Scikit-learn, NumPy, and Pandas. Many AI and ML developers struggle with Jupyter Notebooks because few tools analyze the code embedded in a notebook. But now Sonar leaps forward with a unique and powerful set of rules to detect issues in Python code embedded in a Jupyter Notebook to help protect AI/ML practitioners against common coding pitfalls in their Jupyter Notebooks.


Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition

Developer Productivity

Detect Dataflow Bugs in IntelliJ and Eclipse

When SonarQube for IDE: IntelliJ or Eclipse IDEs is connected with SonarQube Server Developer Edition or higher, it can detect advanced dataflow bugs. This allows developers to see and fix those discovered issues immediately as they code in their IDE.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Operational Improvements

Autosync Permissions and Roles with GitLab

When an administrator sets up automatic provisioning of users and groups with GitLab, project permissions and groups will be automatically synchronized with GitLab. This ensures that permissions and roles stay in synch between SonarQube Server and GitLab, with GitLab acting as the master of permissions and groups.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Deploy SonarQube Server on OpenShift

For customers operating their Kubernetes-based infrastructure using Red Hat OpenShift, we officially support running the SonarQube Server on Red Hat OpenShift. Now you can safely orchestrate all your applications and services together, including SonarQube Server.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Modern Authentication for Microsoft SMTP Server

Prior to this release, SonarQube Server used basic authentication with the Microsoft SMTP Server. Because many companies no longer support this authentication method, we were not in compliance with their security policies. With this change, SonarQube Server is using modern authentication with the Microsoft SMTP Server, bringing back support for integrating with companies’ email servers.


Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition

Strict Password Policy Rules

Local accounts in SonarQube Server now have strict password policy rules, bringing passwords into compliance with the more stringent security policies that most companies require. This change impacts passwords used by local accounts in SonarQube Server. The rules for passwords in remote accounts, such as via identity providers or other authentication means like LDAP are managed by those services.


Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition



The details of these and many more 10.7 features are in the SonarQube Server release notes.

Download the latest SonarQube Server version!

Download nowRequest a demo
  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.