What's New in SonarQube

Whether you’re evaluating a jump to the latest release or just want a stroll down memory lane - here’s what’s new over the past several releases.

July 1, 2019

SonarQube 7.9 LTSAll the great features since the 6.7 LTS and built for long-term support

Developer Led App Security

Static Application Security Testing (SAST) for everyone
With SonarQube, your development team gets security feedback and guidance during code review.

New Languages

We've added support for six more popular languages.

Tight ALM Integration

Deep support for 3 powerful ALM solutions. You get visibility to all the key metrics right where it counts.

Analyze Branches & Decorate Pull Requests
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Check the quality of your Pull Requests and branches directly in SonarQube. Only commit clean, safe code.

+Hundreds More Rules

Check out the language updates bundled with SonarQube 7.9

June 19, 2019

SonarQube 7.8Developer Centric Application Security tools and more usable Portfolio summaries

Detect Security Issues in Code Review

Security issues detected in code review
Security threats don’t always present as no-brainers. SonarQube helps developers spot areas of concern and offers next-step guidance.

Navigate and Comprehend Vulnerabilities Like a Pro
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Navigate complex data flows with improved vulnerability assessment UI.

Detect Security Hotspots in PRs and Branches
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Spot the bad actors hiding in your Pull Requests and Short-lived Branches.

Usable Portfolio PDFs
EE Available on Enterprise Edition DCE Available on Data Center Edition

Concise PDFs, containing actionable data, that are easy to embed in presentations.

+120 More Rules

Check out the language updates bundled with SonarQube 7.8

March 20, 2019

SonarQube 7.7Quality Gate in Pull Requests, Injection Flaw rules for PHP & BitBucket Server support

Quality Gate in Pull Requests DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Quality Gate status in pull requests
Pull Requests and Short-lived Branches get a real Quality Gate status joining duplication and test coverage metrics.

Support for GitHub Checks & BitBucket Code Insights
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Clear Code Quality section in the PR, where it matters most.

Injection Flaw Detection in PHP
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Now there are fewer languages where the bad guys can hide.

Find More Vulnerabilities
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

More injection rules for C# and Java; Security Hotspot detection for JavaScript and Python.

+89 More Rules

Check out the language updates bundled with SonarQube 7.7

Jan 28, 2019

SonarQube 7.6Smarter UX, increased security and new language rules

Code Quality Tracks Your Project Structure

The structure of a project with Code Quality
SonarQube 7.6 drops the concept of modules and keeps things simple with your file directory layout.

Quality Gates, Simplified

We’ve made it more straightforward to configure your Quality Gate and easier to understand in practice.

Tracking Untrusted Data from More C# Frameworks
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Track untrusted input coming from more frameworks: WCF, Winforms, ASP.NET WebForms & PetaPoco.

Tracking Insecure Data Through Collections
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

SonarQube 7.6 checks collections for tainted data so you’ll find them before they’re used in APIs where attacks can happen.

+33 new rules

Check out the language updates bundled with SonarQube 7.6

Dec 20, 2018

SonarQube 7.5Scala and Apex analysis, enhanced security reports & new language rules

Scala and Apex Join the Languages Family!

Compatible with Scala programming language and Apex programming language
With the addition of Scala and Apex, we’ve added 6 major languages in 6 months.

Fine Tune Security Reports

Keep your security settings in tip top shape without digging through screens and menus.

+24 new rules

Check out the language updates bundled with SonarQube 7.5

Duplication Metric on Short-lived Branches and Pull Requests
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

SonarQube 7.5 shows you duplication issues on short-lived branches and pull requests.

Oct 29, 2018

SonarQube 7.4Ruby analysis, .NET for all and much more

Ruby Analysis Has Arrived!

Compatible with Ruby programming language
More than 40 new rules, cognitive complexity and duplication detection - Ruby developers now have a code quality tool to call their own!

VB.NET Available for Everyone

SonarSource deepens its embrace of the .NET community by open-sourcing VB.NET analysis - available in the Community Edition.

Detect Security Hotspots in More Languages

In version 7.4, coverage is expanded to include VB.NET and C#.

JaCoCo Coverage

Import JaCoCo coverage reports (XML format) into your Kotlin and Java projects.

Consolidate All Reports From Your Roslyn Analyzers

SonarQube 7.4 is flexible and lets you automatically import their issues with zero configuration required.

+58 new rules

Check out the language updates bundled with SonarQube 7.4

Aug 13, 2018

SonarQube 7.3Analyze Kotlin, CSS and chase down vulnerabilities like a pro

Kotlin and CSS Join the Party

Cognitive complexity and duplication detection
Enjoy 50 new rules, cognitive complexity and duplication detection.

Chase Down Security Vulnerabilities

SonarQube can now detect Security Hotspots and prompt for developer review.

More Java and PHP Rules

SonarQube 7.3 includes several new Java and PHP rules.

Branches for Applications
EE Available on Enterprise Edition DCE Available on Data Center Edition

Monitor the quality of branches in your Applications.

June 18, 2018

SonarQube 7.2Analyze Go code, detect SQL injections and hook up external analyzers

Analysis of Go Code

Detecting issues in Go programming language
Go is now supported by SonarQube, providing 40+ rules, cognitive complexity and duplication detection.

Welcome External Analyzers

SonarQube 7.2 introduces a generic way to import issues found by 3rd-party analyzers.

Security Analysis
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

SonarQube can now analyze your code for injection vulnerabilities in Java and C#.

Pull Request Analysis
DE Available on Developer Edition EE Available on Enterprise Edition DCE Available on Data Center Edition

Check the quality of your Pull Requests directly and benefit from inline comments in GitHub Ent and Azure DevOps.

Embedded Docs

All important concepts and explanations are now available directly in the SonarQube UI.