SonarQube Shows You the Benefits of Clean Code and the Clean as You Code Methodology
Pull Requests Show Issues That Will Be Fixed When Merged
Eliminate the guesswork of what you’re fixing in new code with the new view of fixed issues in a pull request. Now you can see which issues will be resolved before merging the pull request, reducing the chance of rework due to missing issues you intended to resolve. The pull request decoration in all 4 CI platforms (GitLab, GitHub, Azure DevOps, Bitbucket) and the pull request summary in SonarQube show the issues that will be fixed upon merging the pull request.
[Screenshot: SonarQube pull request summary showing the accepted issues and fixed issues categories.]
[Screenshot: pull request decoration in a CI platform showing the fixed issues and accepted issues counts.]
Available in Developer Edition | Enterprise Edition | Data Center Edition
Branch Summary Shows Issue Count And Overall Code Shows Software Quality
The branch summary has been updated to show the Clean Code Taxonomy view of a single count of issues instead of the previous categories, bringing it in line with the pull request decoration and pull request summary. The overall code tab is also changing to show software quality and a count of high, medium, and low severity issues.
[Screenshot: SonarQube branch summary showing the new code tab with the new issues and accepted issues categories.]
[Screenshot: SonarQube branch summary showing the overall code tab with software quality categories, each with a count of high, medium, and low severity issues, plus the accepted issues category.]
Available in Developer Edition | Enterprise Edition | Data Center Edition
Dismiss Issues Marked as “Accepted” And Keep Track Of How Many
Developers can now mark an issue as “accepted” instead of “won’t fix”, including clear messaging explaining how accepting the issue contributes to technical debt. SonarQube keeps track of the issues marked as accepted and shows the number of accepted issues in the branch summary and pull request decoration. The branch summary shows the number of accepted issues in new code and overall code. The pull request decoration in the DevOps CI platform of your choice displays the number of accepted issues. Clicking on the accepted issue count in any location will bring you to the list of accepted issues with details on why they are issues. Altogether, these views help development teams understand the accumulation of technical debt by accepting issues and how they counter Clean as You Code.
(see the screen captures above with the accepted issues category)
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Faster Scan Times
Scan times and bandwidth are significantly reduced because the scanner now only downloads the analyzers required for the project being analyzed based on the files and languages in the project. Previously, the scanner downloaded all the analyzers regardless of the project details.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Provision And Sync Users And Groups From GitLab
In this release, we take the first steps toward supporting autoconfiguration of GitLab in SonarQube, similar to the autoconfiguration we completed for GitHub in previous releases. In 10.4, you can provision and sync users and groups from GitLab into SonarQube, significantly reducing the time needed to set up and manage authentication with GitLab.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Benefits Of Linking SonarQube And SonarLint
From an issue in SonarQube, you can jump directly to the code in your IDE to view and fix the issue, saving you time finding the issue in your code. However, if you haven’t linked SonarQube with SonarLint, the button that takes you to your IDE will not work. Now, when you click the button in SonarQube and you haven’t linked to SonarLint, SonarQube walks you through connecting to SonarLint so that you can get started fixing code. Also, new to the 10.4 release, SonarQube Enterprise Edition will download your custom secrets rules to SonarLint. SonarLint will highlight those secrets as you code, preventing them from being inadvertently pushed to your repository.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Introducing Support For Scanning Helm Charts
SonarQube now supports scanning Helm Charts for Helm-based Kubernetes deployments using the same Kubernetes rules that are applied to other YAML files.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
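As an added illustration (not taken from the release notes or from Sonar's own rule set), the Helm template below shows the kind of Kubernetes misconfiguration that YAML rules commonly target, side by side with a hardened version of the same container spec. The chart name, values keys (`.Values.image.repository`, `.Values.image.tag`, `.Values.replicaCount`) and the container name are assumptions made for this example; which specific rules SonarQube applies to Helm charts is not stated on the page.

```yaml
# templates/deployment.yaml (constructed example, not part of any real chart)
# The Helm templating ({{ ... }}) is resolved at render time; the scanner
# evaluates the Kubernetes objects that result, just as it does plain YAML.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-web
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}-web
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-web
    spec:
      containers:
        # Weak configuration: a privileged container shares the host kernel's
        # full capability set, so a compromise of the workload is effectively a
        # compromise of the node.
        - name: web-weak
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          securityContext:
            privileged: true
        # Hardened configuration: same image, least-privilege runtime settings.
        - name: web-hardened
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: "500m"
              memory: "256Mi"
```

In a real chart you would keep only the hardened container; both are shown here so the difference the scanner reports is visible in one place. Rendering the chart locally (`helm template`) before committing is a quick way to confirm the values files do not reintroduce the weak settings.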
New Log File Shows Deprecated APIs And API Parameters
To make upgrading smoother, we added a log file containing details when you call deprecated web APIs and use deprecated web API parameters. You now get quick feedback when you use deprecated APIs and API parameters. This new log file is downloadable from the administration section in SonarQube and can be accessed directly in the file system.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
New Rule Attributes Adopt The Clean Code Taxonomy
Attributes of new rules you create from a template have been transitioned to the new Clean Code Taxonomy. Previously, the Clean Code Taxonomy and legacy attributes were both displayed when creating rules. Now, only the Clean Code Taxonomy value is displayed when creating a rule. The templates for creating new rules contain the default mapping from the legacy attribute to the Clean Code Taxonomy value to show what Sonar advises as the new Clean Code Taxonomy value. However, you’re not required to use the default. You can set the rule to any Clean Code Taxonomy attribute you choose.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Improvements to Learn as You Code
1,700 rules have been updated with improvements and additions to the “How can I fix it?” and “More info” sections. Important and helpful information explaining the links between code smells and more severe issues is also included.
Available in Community Edition | Developer Edition | Enterprise Edition | Data Center Edition
Language Updates
JavaScript/TypeScript:
- 18 Accessibility rules for React.js
- The JavaScript/TypeScript/CSS analyzer now comes bundled with the correct Node.js version, removing the need to install and update Node.js in your scanning environment.
- End of support for Node.js v14
Java/Kotlin:
- 10 new rules for Spring Boot, bringing the total up to 40
- Replicated the 30+ rules from javax to Jakarta so that both packages now have the same coverage
C/C++:
- 12 new MISRA C++ 2023 rules
- Detect issues in C++ macros
- Added support for Wind River’s ccarm compiler
.NET:
- 5 new Blazor rules
- 30 .NET rule updates, including false positive fixes, false negative fixes, and performance improvements
Python:
- Reached 90% True Positive Rate (TPR) on top 3 Python SAST Benchmarks: DVGA, DSVW, and skf-labs-python
- Added support for Graphene (GraphQL for Python)
- Added support for FastAPI framework, rounding out our support of the top 3 API frameworks for Python, including Flask and Django