SonarQube

Home

Request trial

SonarQube 10.5

latest release announcement

In the 10.5 release of SonarQube, we’re thrilled to announce support for Java 21, C++23, and TypeScript 5.4. * Secrets detection analysis is faster and deeper SAST coverage has increased. We’ve simplified onboarding projects for monorepos in GitHub and GitLab, Maven, and GitHub Actions. We have doubled the rules for Kubernetes and Helm Charts. With the addition of the TensorFlow library, we expand our support of common libraries used by Machine Learning (ML) practitioners. Details on that and more are below.

Image of SonarQube 10.5 release.

Major Language Updates

Java 21 LTS and TypeScript 5.4 Now Supported

Sonar continues its dedication to supporting the latest advances in languages by adding support for Java 21 LTS. This includes updating existing rules to support the language changes and adding eleven new rules designed to cover new language features in Java 21. For TypeScript developers, we’ve added support for the latest TypeScript version 5.4. 


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Support For C++23

Sonar helps pave the way for C++ early adopters by adding support for C++23. The adoption of C++20 has been progressing well, and Sonar expects that trend to continue with the adoption of C++23. Now, you can code in C++23 with all the safeguards you expect from SonarQube. All existing C++ rules have been updated to take into account the changes in the new version.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Faster Secret Detection Analysis

When running on a multicore/multi-CPU machine, the secrets detection engine now leverages parallel CPUs for secret scanning. This guarantees that secret detection analysis has zero performance impact on overall analysis performance. 


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

More Libraries for Deeper SAST

In our continued effort to improve deeper SAST, we’ve increased our coverage of public Java libraries by an order of magnitude, so we now cover the two thousand public libraries most used by developers. The result is that Deeper SAST is even more powerful in detecting those deeply hidden vulnerabilities and will uncover more issues in your code.


Available in Developer Edition | Enterprise Edition | Data Center Edition

Kubernetes and Helm Charts Improvements

As Kubernetes and Helm Chart popularity grows, SonarQube is doubling our rules to sixteen security rules and sixteen maintainability best practice rules for Kubernetes and Helm Charts.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

TensorFlow, Date, and Time Libraries in Python

We have added support for the TensorFlow library, one of the top Python libraries used for AI/ML development. This increases our support for three of the top Python libraries that Machine Learning practitioners use: TensorFlow, NumPy, and Pandas. In our effort to make continuous improvements to help Python developers, we've added seven new rules to avoid pitfalls when using Date & Time libraries.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

C# in .NET Logging Best Practices

Logging is an important part of developing robust applications and now SonarQube helps you with good C# logging practices in the .NET framework. With fifteen new rules for logging, you can avoid common pitfalls and be sure to follow logging best practices.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Expansion of Accessibility to Cover HTML

To help you write accessible code for front-end applications, we have ported sixteen rules from JavaScript to HTML bringing the total number of accessibility rules between JavaScript, Typescript, and HTML to just under one hundred. This means the same accessibility coverage you have for writing JavaScript and React code now covers you when you write HTML code.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Improved Code Efficiency in Java

To improve the sustainability of your code, we’ve added eleven new rules for Java enterprise and Java Android mobile developers to improve efficiency in your code. These new rules are our first step in aiding you in reducing your applications' power and battery consumption.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

Clean Your Entire Mainframe Ecosystem

Sonar helps clean the entire mainframe ecosystem, not just COBOL code. Now, we have rules to cover Job Control Language (JCL), a commonly used mainframe scripting language used to orchestrate the execution of COBOL programs.


Available in Enterprise Edition | Data Center Edition

Simplified Project Onboarding & Analysis Config

Guided Configuration of All Projects in a Monorepo

Monorepos are single repositories that contain multiple projects. As of this release, you will import your monorepos from GitHub or GitLab, and then SonarQube will guide you through setting up each project in the monorepo. During the guided onboarding of projects, SonarQube suggests a prefix for your project names, then you simply add a project reference and key, select your new code definition, set up the analysis, and the projects are automatically set with their pull request decoration. It’s that easy!


Available in Enterprise Edition | Data Center Edition

Maven Scanner Scans All Files

The new SonarScanner for Maven version 3.11 now automatically scans all files from the root of a Maven project, including Dockerfiles, CI config files, src/main/resources, etc. Before this release, the Maven scanner only analyzed files of standard Java projects in src/main/java and src/test/java. You no longer need to override sonar.sources and sonar.tests to scan all files in the root Maven directory. This feature is disabled by default so the scanner doesn’t suddenly pick up files unintentionally. To enable this feature, set sonar.maven.scanAll to true.


Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition

New C, C++, and Objective-C GitHub Action

Sonar is excited to announce a new SonarQube GitHub Action for C, C++, and Objective-C. This milestone eliminates the manual setup of a GitHub Action to scan your C, C++, and Objective-C code. You can find the official Sonar-supplied GitHub Action in the GitHub Action Marketplace


Available in Developer Edition | Enterprise Edition | Data Center Edition

Other Changes to Note

JavaScript/TypeScript:

  • Ongoing precision improvements were made to reduce false positive rates.


Java/Kotlin:

  • Added five new rules.


.NET:

  • Promoted seven rules to the Sonar way quality profile.


Python:

  • Ongoing precision improvements were made to reduce false positive rates.


Updated views with the new Clean Code Taxonomy for:

  • Projects
  • Applications
  • Portfolios


Ending Support for Node.js V16:

  • Node.js V16 end of life was on September 11th, 2023, and SonarQube is no longer supporting it as of this release. Most developers will not be impacted, but if you are not on Linux x64, Windows x64, or Apple ARM64, you must upgrade to the latest LTS of Node.js manually, or your analysis will stop working.

download the latest SonarQube version!

download nowRequest a demo