What’s new

In our never-ending Clean Code quest, we've added 7 new rules dedicated to finding security issues in your Dockerfiles.

See all the details in the Community post.

Today, we released automatic analysis for .NET projects using GitHub. With just a couple clicks, you’ll get immediate, actionable feedback to ensure you’re following Sonar Clean Code best practices. This feature is perfect if you’re just getting started with Sonar or for a quick analysis on a new project to see where things stand. For the most complete experience we still recommend integrating Sonar with your CI-based workflow. We provide guidance on how to switch directly in the user interface.

See all the details in the Community post.

Devs can now enjoy faster CFamily PR and Branch analysis on SonarCloud following the deployment of the server-side cache mechanism announced a couple of days ago.

Now, by default, there is a cache on the server side that helps to speed up all your analysis. For it to work, you need to have configured your branch (Branch Analysis Setup | SonarCloud Docs) and your pull request analysis ( Pull Request Analysis | SonarCloud Docs) on SonarCloud.

See all the details in the Community post.

We are excited to announce that you can now scan your Dockerfiles with SonarCloud!

See all the details in the Community post.

Today we've enabled faster pull (merge) request analysis for all languages*.

Before, when a branch or a pull request was scanned, the analysis included all the files in your repository to ensure accuracy and only raise true positives. Now, on pull requests, only the content in the PR is scanned using an analysis methodology that minimizes the false positive rate.

On average, you can expect your pull request analysis to finish at least 50% faster however, it can be more depending on the size and language(s) in your pull requests. 

See all the details on the Community post.

* this will come soon for C++ and .NET.

We are happy to announce the rollout of our new rules format which helps you quickly and efficiently fix vulnerabilities in your code. This new format focuses on giving you the what, why and how (to fix) info around the issue so you can fix it and learn some new tricks for your developer toolkit!

• Get step-by-step instructions with just the information you need right now, in context, to solve the issue fast
• Dig into in-depth, educational and contextualized guidance to avoid similar issues in future
• Learn about and understand new vulnerability types

…all in the same tool and workflow you are already using every day. 

We have started with the top 15 security vulnerabilities - more to come soon! Learn more