Enterprise edition users also get faster server-side processing of PR analysis reports for all languages. Parallel processing of analysis reports has been updated so that branches will no longer block PR analysis reports from the same project, and PRs no longer block each other.
And PR analysis accuracy improves for all commercial editions with detection of file moves in PRs, so renaming a file no longer re-raises all its old issues as "new" in the PR.
Two rules have been added to improve Java and Kotlin analysis detection of common cryptography problems related to block cipher mode. These new rules bring fuller coverage of ASVS v4 requirements. Additionally, 17 Java rules related to bugs and code correctness have been ported to Kotlin.
Concepts are a highly anticipated C++20 feature that makes using templates easier and less error-prone. But that doesn't mean using concepts correctly is obvious. That's why we've added six new rules to help you use them well. There are two to help you update existing code to use concepts, two that detect code smells related to the use of concepts / `requires` with templates, and two that detect problems when writing your own concepts. These come in addition to rules added earlier in the 9-series for proper use of `std::enable_if` and for concept naming conventions.
Additionally, we've improved reporting in path-sensitive rules to provide more understandable issue paths.
As a collaborator on the Static Analysis Results Interchange Format (SARIF), Sonar supported the formulation of this OASIS-approved standard, and now SonarQube supports its use for importing external vulnerability issues.
And finally, taint analysis rule implementations have been improved for all languages to provide clearer reporting on the paths through the code that lead to the issues we raise.
`develop`, `main`, `master`, `bob`. Depending on the name of your main development branch, you may have struggled in the past with seeing your main branch in the SonarQube UI. While the main branch name was read automatically for projects imported from DevOps Platforms, for projects that weren't imported, `master` was applied by default. Going forward, you'll be able to specify the name of the main branch for individually-onboarded new projects, and set a global default that will apply to automatically created projects as well.
And on the topic of onboarding, Enterprise Edition customers with multiple DevOps Platform instances (e.g. GitHub Enterprise + GitHub.com) will now have access to project onboarding wizards.
Administrators can now set a custom message on the login page. The message is intended to let you provide your users authentication guidance, such as "Use your LDAP credentials."
For users who shouldn't be able to log in anymore, we now have SCIM integration for Okta. The SAML / Okta support adds new users to SonarQube, and when a user leaves, it ensures that the user's removal in the IdP is synchronized to SonarQube, where the user record is deactivated and its tokens are invalidated.
And in all editions, for the server itself, we've added the ability to run with Java 17, which is the current Java LTS.
- Improved parsing
- Improved recognition of generated code
- Analysis no longer fails when `node_modules` is extended in a tsconfig file to include missing modules
- C# 11 parsing & rule updates