
Operating SonarQube is easier than ever
We've made running SonarQube easier and more secure than ever. SonarQube has been security-hardened to U.S. Department of Defense standards (i.e. STIG-hardened), with a Docker image per edition on Docker Hub and in the DoD's Iron Bank. That plus a Helm chart for Kubernetes support make SonarQube easier than ever to deploy.
Routine maintenance is easier too, with support for hot database backups. And upgrading is easier than ever with progressive availability during upgrades; now SonarQube is available for analysis and limited browsing even before reindexing is complete.
Time for Python devs to onboard with SonarQube
Python support hasn’t always been our top focus in the past, and this LTS changes that once and for all. We did what it takes to offer best-in-class static code analysis for Python, making it a no-brainer for Python developers to go ahead and adopt SonarQube.
This LTS adds in-depth analysis to catch the tricky Bugs and Vulnerabilities developers expect, with the sane defaults, high performance and minimal configuration that's standard to SonarQube. We’ve got Python support for up to version 3.9 of the language, in order to properly track issues through all language structures, frameworks, and types. And for teams just transitioning from other tools, there is easy import of Pylint and Flake8 reports, plus the ability to write custom rules.
On top of all this, commercial editions support taint analysis rules that detect Vulnerabilities such as injection flaws.

C++ brings the rules & performance developers want
With comprehensive coverage of the C++ Core Guidelines and a broad set of C++17-specific rules, we've made following modern best practices easy. And if your shop uses multiple standard versions, managing your Quality Profile gets easy too: enable the rules for all the versions you use and we'll activate them based on the standard version the project compiles to. In addition, we've made several improvements to analysis performance and added support for a broad range of additional compilers.
That's in addition to a significant expansion of security-focused rules, including the detection of buffer overflows in POSIX functions.
And finally, Community Edition users can use C++ analysis for free with the newly introduced SonarLint for CLion, as well as in SonarLint for Visual Studio.
Clean as You Code, best practices move to the front
As part of our ongoing mission to help every developer write better code every day, we've given some love to elements often overlooked by the industry. First, you'll find a re-written project homepage. The new interface puts the quality and security of New Code front and center to help you better focus on Cleaning as You Code. Second, we've added rules in Java, PHP and C# to help you write tests correctly. And finally, we've made Applications available to all commercial versions, so that more teams can monitor the quality of projects that ship together in one aggregated, synthetic project.


The most secure LTS yet!
We don't just care about the security of your code, we also care about the security of your overall SonarQube environment. That's why we've:
- Applied additional hardening to the build of SonarQube itself and to our internal build pipeline
- Limited library loading in SonarQube to only those libraries provided by SonarSource
- Limited plugins' access to core functionality to only what's available through APIs
- Added additional controls to the plugin Marketplace
You will also find simple but effective new safeguards such as forcing SonarQube administrators to change the default admin credentials.