The road ahead for the 9.x LTS

At SonarSource, our primary constituency is Developers. They are and always will be our primary focus. But we’ve got other constituencies too (managers, Ops folks, …), and we’ll make sure to take care of them in the 9-series.

Running analysis

Put a bow on DevOps platform integrations

We’ve done a lot of work in recent years on integrations with the major DevOps platforms: GitHub, GitLab, Azure DevOps, and Bitbucket. In the 9-series, we’ll round that out with platform-native Actions and Pipes, and flesh out the suite of onboarding tutorials. And of course, we’ll keep an eye on further platform developments to evolve along with them and meet your emerging needs.

Speed up analysis

The longer it takes to get your analysis results, the less useful they are in the daily development workflow. So we’ll be looking at every aspect of analysis to shave away every wasted millisecond.

Detecting issues

Secure mobile apps

Mobile development has become a hugely important area, and we want to help developers do it right - even before they get to the required Play Store checks. We’ll be adding both Security and Reliability (Bug) rules to help you keep your mobile code clean and safe.

Add advanced bug detection

It’s not just security issues that need to follow the flow from method to method and file to file. So we’ll be expanding the advanced analysis techniques we use to detect Vulnerabilities to finding tricky bugs too. We’ll also expand the advanced regex rules we discovered and developed for Java into other languages, and continue our research and expansion into additional areas where development gets complex.

Improve detection of all types

Our continuing mission is to “kill the noise” made by false positives across all rule types. We’ll go even farther in that direction by improving rule precision to >80% for all Vulnerabilities and for Blocker and Critical rules for Bugs and Code Smells.


Add reports

You asked, we (finally) heard you. Project PDFs are coming, along with a number of other reports including a detailed project-level report intended to meet regulatory requirements.

Improve Portfolios

We’ll re-focus Portfolios in this series to highlight the same Clean-as-You-Code approach that we present to developers, so that users at all levels get a consistent message. And we’ll add support for project and application branches, and show sub-entities in the Portfolio PDF.


Provide traceability & delegation

We’ll start audit-trailing security-related changes (think users, permissions…) so you can tell when a change was made and who made it. And speaking of making changes, we’ll enable (better) delegation of Quality Gate and Quality Profile administration.

Support Kubernetes in Data Center Edition

The point of Data Center Edition is to support high availability in mission critical deployments. We’ll make that easier than ever with official support of Kubernetes for DCE, plus monitoring and improved logging.

Follow along & tell us what you think

We’ve painted the roadmap in broad strokes here. For detail you’ll want to drill into our Productboard Portal. There you’ll find what we’ve done, what we’re doing, and what we’re going to do. That is, you’ll find the running list of features we’ve released, what we’re working on for the next release, and what’s in the backlog so far for the rest of the series.

You’ll also find all the features we need your feedback on. These are the features we don’t know whether to work on or not (your votes matter!). Drill in to each one to see which is which and to vote and give us your feedback!