What’s ahead for 2020

The 8.x LTS, which is expected in early 2021, will add significant value in the areas of security, operability, integration, and Python analysis.


For the 7.9 LTS we entered the SAST (Static Application Security Testing) arena with taint analysis rules for Java, C#, and PHP, and Hotspots for those languages plus another three. For the 8.x LTS, we’ll expand that offering with more rules and more languages. Expect to see taint analysis expanded to Python, C++, C, JavaScript, and TypeScript, and expect to see the range of covered vulnerabilities expand too. We’ll also add more Hotspot rules and make the Hotspot concept more intuitive and easier to use. (Because not everything that might be a Vulnerability actually is a Vulnerability.)


Speaking of Python, we’re planning to really bring it this year. Expect top-notch analysis with high-value rules - quality and security - out of the box, no other tools required.


We’ve done a good job so far providing integrations with major ALM and CI/CD tool chains, but “good” isn’t good enough. By the end of 2020, we expect to have seamless integration - both on-prem and in the cloud - with GitHub, Azure, Bitbucket, and GitLab, and to make it easier to get all your code (branches) analyzed via Jenkins.


On the DevOps side, we’ll make life easier with an official, supported Docker Scanner image, as well as an official, supported image for each SonarQube edition. On top of that, we’ll add support for:

  • an orchestration system such as Kubernetes
  • monitoring
  • geographical (active/passive) redundancy

And more…

As usual, we’ll add plenty of smaller features too. A sampling of the current short-list: tests as first-class citizens (e.g. analyzed with “real” rules), support for mono repos, and Portfolio branches.

Watch the What’s New page to keep up with these features as we deliver them.

We appreciate your interest in SonarQube! If you have any questions or comments, please reach out on our Community Forum!