What’s new

We’ve just added 33 new rules for Ruby and Ruby on Rails, increasing the total to 75. These new rules are designed to help you write more maintainable and reliable code. Run a fresh analysis on your Ruby projects to see them in action.

These new rules are currently in "beta" as we continue to assess their quality. Your feedback is important to us as we finalize them:

• For false positives: Please mark the issue in SonarQube Cloud. In the dialog box, check the box to share your reasoning and the code with us so we can improve the rules.
• For general feedback: Please share your thoughts on our community forum thread.

You can see all 75 Ruby rules in our rules database.

Announcing a powerful new way to manage your codebase at scale: dynamic, parameter-based portfolios are now available in SonarQube Cloud Enterprise. This feature significantly simplifies getting an aggregated view of the projects you care about.

• Define portfolios using three new methods: Using project tags, organizations, or with regular expressions (RegEx) that match project keys.
• Automatic updates: Portfolios automatically add or remove projects as their tags or keys change, ensuring your view is always current without manual intervention.
• Gain an enterprise-wide perspective. Create a single portfolio that spans multiple organizations to gain a comprehensive, top-level view of specific initiatives across your entire business.

To get started, ensure you have permissions to manage Portfolios. Navigate to your Portfolios page (e.g., via “My Portfolios” from the main header) and click “Create Portfolio”. You will then see the new options to define your portfolio dynamically.

Discover more here

Ensure your CI/CD pipelines run without interruption using Scoped Organization Tokens (SOTs), a secure and scalable way to manage authentication for automated processes. Available for our Team and Enterprise plans, SOTs are not tied to individual user accounts, preventing broken builds when a team member leaves the organization.

With SOTs, you can:

• Ensure CI/CD continuity. Create tokens at the organization level, decoupled from individual users, to keep your automation running smoothly even when team members change.
• Enhance security with granular permissions. Apply the principle of least privilege by creating tokens with specific, limited scope - starting with analysis permission - to reduce your security risk.
• Simplify token management. Centrally create, view, and revoke all organization tokens from a single location, giving administrators full visibility and control.

Discover more in this blog post. For further details check out our documentation and this Community post.

Advanced Security is now generally available as a subscription for the Enterprise plan. Secure your software supply chain by identifying vulnerabilities in both your own code and its third-party open source dependencies, all within your existing workflow.

Advanced Security builds on SonarQube Cloud’s existing security features to provide even more comprehensive protection:

• Discover vulnerabilities in your dependencies. Automatically detect known vulnerabilities (CVEs) and license compliance issues in your third-party open source libraries with Software Composition Analysis (SCA).
• Uncover complex security hotspots. Find deeper vulnerabilities that arise from the interaction between your code and open source library code with advanced SAST.
• Streamline your security workflow. Analyze your entire codebase—first-party, third-party, and AI-generated—in one place, reducing tool sprawl and keeping developers in their flow.

Learn more in this blog post, and Community post.

Receive real-time notifications on your analysis results directly in Slack, helping your team shorten its feedback loop and act on issues faster.

With this integration, you can:

• Get instant Quality Gate updates. Receive notifications when your main branch's Quality Gate changes state.
• Reduce context switching. Act on findings with rich context directly from your Slack workspace, without checking email.
• Connect in seconds. Search for the SonarQube Cloud app in Slack to add it to your workspace and configure project notifications

Discover more here

Directly transform SonarQube findings into Jira tickets in seconds. Our new integration bridges the gap between code analysis and project management, eliminating context switching for your team and streamlining your workflow.

With this integration, you can:

• Create Jira tickets directly from SonarQube. Push a single finding or group multiple issues into one work item.
• Gain instant release readiness insights. The new Jira release widget on your main branch displays information on your upcoming Jira versions at a glance.
• Connect projects effortlessly. Securely bind your SonarQube organization and projects to your Jira Cloud instance.

Get started by having an administrator connect your SonarQube organization to your Jira Cloud instance from the organization's administration settings.

For detailed setup instructions and to explore all new features, refer to our Community post and documentation.