The Definitive Guide to
SonarQube 7.9
What is an LTS? It’s simply a version designed for Long-Term Support and built for months of reliability. Of course, all the features released since the last LTS (6.7) are neatly packaged up and included.
Read on to discover all the benefits to upgrading
New Languages
Since the last LTS, we added support for six more languages and hundreds of new rules. We now help you spot bugs, vulnerabilities and code smells in 27 popular languages.

Developer Led App Security
With SonarQube, your development team finds security issues right in code review where they’re easiest to fix.
Hotspots
Code Review
Security Hotspots highlight suspicious code snippets that developers should review and triage as they may hide a vulnerability.
Available for:
Vulnerabilities
Code Change/Fix
Security Vulnerabilities require immediate action. SonarQube provides detailed issue descriptions and code highlights that explain why your code is at risk.
Available for:
Detection of Injection Flaws
DE
Available on Developer Edition
EE
Available on Enterprise Edition
DCE
Available on Data Center Edition
Don’t let untrusted user input flow through your code and compromise your application.

- Java
- PHP
- C#

OWASP / SANS Security Reports
EE
Available on Enterprise Edition
DCE
Available on Data Center Edition
Built-in security reports, with developer friendly language, shorten the vulnerability feedback loop and get developers fixing security holes quickly.
Analysis That Fits the Way You Work
Get all your code analyzed, right where it lives. We’ve included more tools and integrations that align analysis with your preferred workflow.
Pull Request Analysis
DE
Available on Developer Edition
EE
Available on Enterprise Edition
DCE
Available on Data Center Edition
Adding to the analysis of feature and maintenance branches, you can now check the quality of your Pull Requests. Only commit clean, safe code.
Branches for Applications
EE
Available on Enterprise Edition
DCE
Available on Data Center Edition
Monitor the quality of branches in your Applications, after choosing which branches to track in underlying projects.

Pull Request Decoration
Quality & Security feedback right in your favorite ALM, with clear Quality Gate status and issue summary.
- Bitbucket Server
- GitHub Enterprise
- Azure DevOps Server

Enterprise Management Tools
EE
Available on Enterprise Edition
DCE
Available on Data Center Edition
Know where your projects stand. Get everyone in the value chain speaking the same code quality ‘language’, derived from a common set of metrics.
Live Portfolio/Application Updating
Portfolio releasability along with other KPIs, are now updated automatically as underlying projects are analysed.


New Portfolio PDFs
The new format generates concise PDFs with actionable data that’s easy to embed in presentations and share with larger audiences.
Clean Portfolio hierarchy
The Portfolios page now focuses on the few global Portfolios you’ve defined and makes it easy for you to explore them more in detail.
Additional Features…
- Project structure follows file directory layout
- Built-in project badges
- Import analysis from 3rd party tools (TSLint, ESLint, PMD, Checkstyle, etc.)
- Scale compute engine resources
- VB.NET now free and open-source
- Documentation now embedded in the product
- SAML 2.0 support
- Create Portfolios using project tags