SonarQube 8.1 adds Quality Gate info in Merge Requests when using GitLab CI pipelines in your workflow. Now, for all GitLab editions, you'll be notified in a
comment on your MR of any new Bugs or Security Vulnerabilities, and you'll know whether it passes or fails
your Quality Gate. If it fails, you'll get a clear summary of what needs to be cleaned up to merge.
Integrate your Quality Gate with your GitLab pipeline
Need your pipeline status to reflect the project Quality Gate? Now SonarQube can fail the individual pipeline
step or the whole pipeline for a failing Quality Gate depending on your configuration.
Python analysis takes baby steps toward killer features
This version of SonarQube adds 26 new Code Quality and Security™ rules, including nine Bug detection rules
and three rules to find Security Vulnerabilities. With these new rules, we've created and validated the
building blocks for future development. Not only have we ensured a very high true-positive rate, but
we've also laid the foundation to be able to make regular deliveries of valuable, accurate sets
of new rules in the next versions of SonarQube. See all Python rules.
Additionally, this version includes symbol highlighting for Python, which means that when you're looking
at an issue it's even easier than before to understand the context. Just click a symbol to see all the
places in the code where it's used.
We've beefed up taint analysis in Java with support for Spring dependency injection as well as
the Java factory pattern. That means you can now shine a spotlight on, for instance, SQL injection
flaws that previously lurked undetected in Spring interface implementations. We've also added support
in these taint analysis rules for C# 8 syntax.
With the addition of 20 new rules based on the
C++ Core Guidelines,
SonarQube 8.1 covers 53 of the 64 rules our initial analysis identified for implementation.
This batch of rules was selected to be both highly relevant and extremely valuable to a wide range
of users, and relevant to existing code bases.
See all C++ Core Guidelines
Facing a complex environment with multiple instances of GitHub Enterprise or some other ALM?
SonarQube 8.1 lets you handle that smoothly, with global configuration of each
instance and project-level selection of the right one.
With 8.1, SonarQube takes the first steps toward official support of online ALMs.
You can now easily configure PR decoration (in commercial editions) and authentication for GitHub.com.
With every release we add more rules and capabilities so you can find more issues: