This is an old release announcement

See the latest version 9.7.1

SonarQube 8.2

Manage Security Hotspots like a pro + Python love & official Docker support

February 26th, 2020

Security Hotspot review, for the win!

Security Hotspots are security-sensitive pieces of code, and we've been raising Security Hotspot issues in your projects for a while now. With 8.2, we give you the review interface you need to work through the Security Hotspots in your code, evaluating whether each one is fine or is a vulnerability that could be exploited. And we'll help you track your progress with the new Security Hotspot Review rating. For each Security Hotspot you assess, you'll see the project's rating improve in real time.

New Code focus in the project homepage

SonarQube 8.2 makes it even easier to Clean as You Code, with a streamlined version of the project homepage. You'll see New Code measures and your current Quality Gate status by default, with overall values available on the second tab.

Python Code Security: more OWASP Top 10, plus CORS and more

We've made huge strides in Python analysis with this version, including 16 new, security-related rules, plus additional reliability rules pushing the total to more than 100 rules. First, on the security front, we've added significant OWASP Top 10 support with Security Hotspot rules to help you find hard-coded credentials, insecure cookies, unsecured databases, CORS, and more.

In commercial editions, we've also added detection of open redirects and server-side request forgery (SSRF), injection detection rules for SQL, paths, LDAP, XPath, logs, and HTTP headers, and support for Django endpoints in all Python taint analysis rules.

XSS and XXE detection, plus more Security Hotspot rules

While we've been improving Python analysis, we haven't forgotten the other languages. For Java, we've added cryptography-focused Security Hotspot rules and, in commercial editions, the ability to detect XSS vulnerabilities for projects using Spring (Boot or Framework) with a Thymeleaf template engine.

For C#, there's a new rule to detect XML External Entity (XXE) vulnerabilities in code using any of a large number of common APIs. In commercial editions, there's also coverage of additional frameworks in taint analysis rules for open redirects, SQL injection, XPath injection and command injection.

Easier config for PR, MR decoration (available on Developer Edition, Enterprise Edition and Data Center Edition)

Configuring decoration for Bitbucket Server pull requests and GitLab merge requests just got easier! GitLab MR decoration is now supported with Jenkins and other CIs. For Bitbucket Server, once you've configured your instance in SonarQube, it's a simple matter to set up PR decoration during new project configuration.

It's official! We support Docker!

The wait is over! With 8.2, we're releasing officially supported Docker images for Community, Developer, and Enterprise Editions! Cue the fireworks!

Language Updates

With every release, we add more rules and capabilities so you can find more issues:

C#
  • Improved support for C# 8
CSS
  • Expanded analysis of CSS in non-CSS files, including the addition of CSS analysis in VueJS files
C, C++
