Sonar is excited to bring you the latest SonarQube release with significant security enhancements and new Clean Code changes.
Highlights of the SonarQube 10.3 release…
Secrets Detection at the Source
Sonar’s new Secrets Detection engine helps you find and eliminate secrets at the source in your IDE with SonarLint and further prevents them from entering your CI/CD Pipeline with SonarQube. For Enterprise Edition users and above, you can protect your private company secrets with custom rules.
Clean Code Taxonomy Updates
Changes to Pull Requests, External Issues, propagation of new rules, and improvements to Quality Profile inheritance together help turn your attention toward the cause of poorly written code and not the result, reducing confusion and simplifying the experience of issue resolution.
Clean as You Code Improvements
Avoid the headache of cleaning legacy code by cleaning only new code. We are introducing a new zero-issues Sonar way Quality Gate that prevents any issues from entering your newly developed code. With the new Sonar way Quality Gate, the ability to open an issue in the IDE from SonarQube for quick resolution, and the ability to resolve external issues in SonarQube, introducing new technical debt to your projects will be a thing of the past. As a side benefit, over time you will also see reduced technical debt in your legacy code.
Learn more about Clean as You Code criteria and the new Sonar way Quality Gate.
Stronger Security
Along with our new Secrets Detection engine, we’ve added the new 2023 CWE Top 25 Report for performing risk assessment. There is now a two-way sync of issue status with the GitLab Vulnerability Report. Enhanced support for Dockerfiles and a few other security-related changes deliver more robust security capabilities to you.
Easy Onboarding
For users of GitHub, we now auto-provision a SonarQube project when an analysis is triggered in GitHub. You can automate GitHub project setup via API. Manual sync of users, permissions, and groups between SonarQube and GitHub is no longer needed because auto-sync has been added, so SonarQube will always match your GitHub configuration.
Operational Improvements & Language Updates
There are quite a few changes in both operational improvements and language updates. Some highlights include upgrade change messaging to see precisely why your issue count has changed after an upgrade, first-class support for React, Razor templates, the Blazor framework, and new rules for NumPy and Pandas libraries in Python for Data Scientists and Machine Learning practitioners.
For more details, see the 10.3 release announcement and our product 10.3 release notes.
Are you still on an older SonarQube version?
If you’re on a version older than 9.9, upgrade to SonarQube 9.9 LTS before upgrading to 10.3. Check out this helpful checklist for a smoother upgrade. Watch the on-demand LTS upgrade webinar highlighting a step-by-step approach and common pitfalls encountered during the upgrade.
SonarQube is a DevOps Dozen finalist!
Share your love for SonarQube — cast your vote for SonarQube in the Best Testing/Service Tool category for the DevOps Dozen Awards. Voting closes on December 31st.