old version

This is an old release announcement

See the latest version 8.5.1

SonarQube 8.1

GitLab™ Merge Request comments for everyone!

December 16th, 2019

GitLab-SonarQube integration gets even better

Decorate GitLab Merge Requests DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

SonarQube 8.1 adds Quality Gate info in Merge Requests when using GitLab CI pipelines in your workflow. Now, for all GitLab editions, you'll be notified in a comment on your MR of any new Bugs or Security Vulnerabilities, and you'll know whether it passes or fails your Quality Gate. If it fails, you'll get a clear summary of what needs to be cleaned up to merge.
GitLab branches & merge requests

Integrate your Quality Gate with your GitLab pipeline

Need your pipeline status to reflect the project Quality Gate? Now SonarQube can fail the individual pipeline step or the whole pipeline for a failing Quality Gate depending on your configuration.

Python analysis takes baby steps toward killer features

This version of SonarQube adds 26 new Code Quality and Security™ rules, including nine Bug detection rules and three rules to find Security Vulnerabilities. With these new rules, we've created and validated the building blocks for future development. Not only have we ensured a very high true-positive rate, but we've also laid the foundation to be able to make regular deliveries of valuable, accurate sets of new rules in the next versions of SonarQube. See all Python rules.

Additionally, this version includes symbol highlighting for Python, which means that when you're looking at an issue it's even easier than before to understand the context. Just click a symbol to see all the places in the code where it's used.
pyhton

Find injection flaws once hidden by Java dependency injection, C# 8 DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

We've beefed up taint analysis in Java with support for Spring dependency injection as well as the Java factory pattern. That means you can now shine a spotlight on, for instance, SQL injection flaws that previously lurked undetected in Spring interface implementations. We've also added support in these taint analysis rules for C# 8 syntax.

Better C++ Core Guidelines, MISRA compliance DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

With the addition of 20 new rules based on the C++ Core Guidelines, SonarQube 8.1 covers 53 of the 64 rules our initial analysis identified for implementation. This batch of rules was selected to be both highly relevant and extremely valuable to a wide range of users, and relevant to existing code bases. See all C++ Core Guidelines implementations

This version also adds six new strict implementations of MISRA C++ 2008 rules. See all MISRA C++ 2008 implementations.

Decorate PRs in multiple instances of an ALM EE Available on Enterprise Edition

Facing a complex environment with multiple instances of GitHub Enterprise or some other ALM? SonarQube 8.1 lets you handle that smoothly, with global configuration of each instance and project-level selection of the right one.

GH.com support

With 8.1, SonarQube takes the first steps toward official support of online ALMs. You can now easily configure PR decoration (in commercial editions) and authentication for GitHub.com.

Language Updates

With every release we add more rules and capabilities so you can find more issues:

Time to enjoy all the
new version features!

Get SonarQube