Download
Download
OLD VERSION This is an old release announcement. See the latest 7.9 LTS

SonarQube 7.2

June 18, 2018
Analyze Go code, detect SQL injections, hook up external analyzers. Your code will be cleaner than ever with SonarQube 7.2 !

Analysis of Go code

Go is now supported by SonarQube, providing 40+ rules, cognitive complexity, duplication detection and so much more. It’s open-source, and it’s available to all the Go developers out there !
Go Language
Oh, and if you’re already using another Go analyzer and wondering how SonarQube can play with that, then read what’s coming below.

Welcome External Analyzers !

SonarQube 7.2 introduces a generic way to import issues found by 3rd-party analyzers.
No need to jump from one tool to another, just benefit from a consolidated view in SonarQube. Even better: SonarQube has built-in support for some of the standard analyzers out there.
 

TSLint and ESLint friendly

TypeScript developers can now upload their TSLint and ESLint reports, and track them next to issues detected by SonarQube’s TypeScript analyzer.

Keep on using other Go analyzers

On top of enjoying the new built-in Go analyzer, you can also keep on importing any govet, golint and gometalinter issue you’ve been tracking.

An open framework to build upon

The import of issues from 3rd-party analyzers is built in the open core of SonarQube (learn more). You can use it with custom tools you may have, and SonarQube will also support more standard analyzers in the future.
Branch analysis

Security Analysis DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

SonarQube 7.2 marks a great milestone in the detection of security vulnerabilities. The most famous CWE patterns of OWASP Top 10 can run scared, as SonarQube can now continuously analyze your code against the following rules (in Java and C#):  

SQL query injection

Detect SQL injection vulnerabilities

Learn more

OS command injection

Detect OS command injection vulnerabilities

Learn more

XPath expressions injection

Detect XPath injection vulnerabilities

Learn more

LDAP query injection

Detect LDAP injection vulnerabilities

Learn more

I/O function calls injection

Detect I/O function calls injection vulnerabilities

Learn more

Regular expressions injection

Detect regular expressions injection vulnerabilities

Learn more
Security

Analysis of Pull Requests DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Check the quality of your Pull Requests directly in SonarQube (just like branches), and also benefit from inline comments for GitHub and TFS. Only clean code will make it to the main branch!

Github Enterprise

Branch analysis
Automated Pull Request decoration in GitHub Enterprise
 

Microsoft TFS

SonarLint notifications
Automated Pull Request decoration in Microsoft TFS

User Experience, Continuously Improved

SonarQube 7.2 continues to raise the bar in terms of user experience, so that you can focus on the essential: code quality.

Embedded Documentation

All important concepts and explanations are now available directly in the SonarQube UI.

New Packaging

Commercial packages are now distributed individually, so you directly get the features and functionality that match your needs.

And there's more in latest versions!

See What's New on SonarQube

A SonarSource™ Product

Get Started

Features

Get Involved

About SonarQube

© 2008-2019, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE and SONARSOURCE are trademarks of SonarSource SA.

All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.