Major Language Updates
Java 21 LTS and TypeScript 5.4 Now Supported
Sonar continues its dedication to supporting the latest advances in languages by adding support for Java 21 LTS. This includes updating existing rules to support the language changes and adding eleven new rules designed to cover new language features in Java 21. For TypeScript developers, we’ve added support for the latest TypeScript version 5.4.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Support For C++23
Sonar helps pave the way for C++ early adopters by adding support for C++23. The adoption of C++20 has been progressing well, and Sonar expects that trend to continue with the adoption of C++23. Now, you can code in C++23 with all the safeguards you expect from SonarQube. All existing C++ rules have been updated to take into account the changes in the new version.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Faster Secret Detection Analysis
When running on a multicore/multi-CPU machine, the secrets detection engine now leverages parallel CPUs for secret scanning. This guarantees that secret detection has zero impact on overall analysis performance.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
More Libraries for Deeper SAST
In our continued effort to improve deeper SAST, we’ve increased our coverage of public Java libraries by an order of magnitude, so we now cover the two thousand public libraries most used by developers. The result is that Deeper SAST is even more powerful in detecting those deeply hidden vulnerabilities and will uncover more issues in your code.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Kubernetes and Helm Charts Improvements
As Kubernetes and Helm Chart popularity grows, SonarQube is doubling our rules to sixteen security rules and sixteen maintainability best practice rules for Kubernetes and Helm Charts.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
TensorFlow, Date, and Time Libraries in Python
We have added support for the TensorFlow library, one of the top Python libraries used for AI/ML development. This increases our support for three of the top Python libraries that Machine Learning practitioners use: TensorFlow, NumPy, and Pandas. In our effort to make continuous improvements to help Python developers, we've added seven new rules to avoid pitfalls when using Date & Time libraries.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
C# in .NET Logging Best Practices
Logging is an important part of developing robust applications and now SonarQube helps you with good C# logging practices in the .NET framework. With fifteen new rules for logging, you can avoid common pitfalls and be sure to follow logging best practices.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Expansion of Accessibility to Cover HTML
To help you write accessible code for front-end applications, we have ported sixteen rules from JavaScript to HTML, bringing the total number of accessibility rules between JavaScript, TypeScript, and HTML to just under one hundred. This means the same accessibility coverage you have for writing JavaScript and React code now covers you when you write HTML code.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Improved Code Efficiency in Java
To improve the sustainability of your code, we’ve added eleven new rules for Java enterprise and Java Android mobile developers to improve efficiency in your code. These new rules are our first step in aiding you in reducing your applications' power and battery consumption.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Clean Your Entire Mainframe Ecosystem
Sonar helps clean the entire mainframe ecosystem, not just COBOL code. Now, we have rules to cover Job Control Language (JCL), a commonly used mainframe scripting language used to orchestrate the execution of COBOL programs.
Available in Enterprise Edition | Data Center Edition
Simplified Project Onboarding & Analysis Config
Guided Configuration of All Projects in a Monorepo
Monorepos are single repositories that contain multiple projects. As of this release, you will import your monorepos from GitHub or GitLab, and then SonarQube will guide you through setting up each project in the monorepo. During the guided onboarding of projects, SonarQube suggests a prefix for your project names, then you simply add a project reference and key, select your new code definition, set up the analysis, and the projects are automatically set with their pull request decoration. It’s that easy!
Available in Enterprise Edition | Data Center Edition
Maven Scanner Scans All Files
The new SonarScanner for Maven version 3.11 now automatically scans all files from the root of a Maven project, including Dockerfiles, CI config files, src/main/resources, etc. Before this release, the Maven scanner only analyzed files of standard Java projects in src/main/java and src/test/java. You no longer need to override sonar.sources and sonar.tests to scan all files in the root Maven directory. This feature is disabled by default so the scanner doesn’t suddenly pick up files unintentionally. To enable this feature, set sonar.maven.scanAll to true.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
New C, C++, and Objective-C GitHub Action
Sonar is excited to announce a new SonarQube GitHub Action for C, C++, and Objective-C. This milestone eliminates the manual setup of a GitHub Action to scan your C, C++, and Objective-C code. You can find the official Sonar-supplied GitHub Action in the GitHub Action Marketplace.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Other Changes to Note
JavaScript/TypeScript:
- Ongoing precision improvements were made to reduce false positive rates.
Java/Kotlin:
- Added five new rules.
.NET:
- Promoted seven rules to the Sonar way quality profile.
Python:
- Ongoing precision improvements were made to reduce false positive rates.
Updated views with the new Clean Code Taxonomy for:
- Projects
- Applications
- Portfolios
Ending Support for Node.js V16:
- Node.js V16 end of life was on September 11th, 2023, and SonarQube is no longer supporting it as of this release. Most developers will not be impacted, but if you are not on Linux x64, Windows x64, or Apple ARM64, you must upgrade to the latest LTS of Node.js manually, or your analysis will stop working.