Download SonarQube
The leading product for Code Quality and Security
HELPING DEVS SINCE 2008
Version: 9.1
Release: September 2021
Community
The starting point for adopting code quality in your CI/CD
FREE & OPEN SOURCE
Download for freeAll the following features:
-
Static code analysis for 15 languages
Java, JavaScript, C#, TypeScript, Kotlin, Ruby, Go, Scala, Flex, Python, PHP, HTML, CSS, XML and VB.NET
- Detect Bugs & Vulnerabilities
- Review Security Hotspots
- Track Code Smells & fix your Technical Debt
- Code Quality Metrics & History
- CI/CD integration
- Extensible, with 50+ community plugins
Developer
Maximum Application Security
Maximum value across branches & PRs
Download
License key will be needed to activate
Community Edition plus:
- C, C++, Obj-C, Swift, ABAP, T-SQL, PL/SQL support
- Detection of Injection Flaws in Java, C#, PHP, Python, Javascript, Typescript
- Analysis of feature and maintenance branches
- Pull Request decoration for:
GitHub
Bitbucket
Azure DevOps
GitLab
Enterprise
Manage your Application Portfolio, enable Code Quality & Security at an Enterprise level.
Download
License key will be needed to activate
Developer Edition plus:
- Portfolio Management & PDF Executive Reports
- Project PDF reports
- Security Reports
- Project Transfer
- Parallel processing of analysis reports
- Support for Apex, COBOL, PL/I, RPG, VB6
Data Center
High Availability, for global deployments
License key will be needed to activate
Enterprise Edition plus:
- Component redundancy
- Data resiliency
- Horizontal Scalability
Long term support
SonarQube 8.9.2 LTS (July 2021)
Long Term Support version, wrapping-up all the great features of 8.x series. (Developer-led Code Security, integrations for everyone & So. Much. More!)
This LTS is the most secure yet!
See features Documentation Release Notes Upgrade Guide Requirements
Download SonarQube 8.9.2 LTS
Historical Downloads
We're constantly shipping new versions since 2007! If you really need historical packages you'll find them below, however definitely consider upgrading to the latest and greatest.
Show all versions
-
SonarQube 9.1
September 2021 - Product PDFs, JS AWS Lambda taint analysis, Kotlin coroutine rules...
-
SonarQube 9.0.1
July 2021 - Official Bitbucket Pipes & GitHub Actions, Kotlin security for mobile devs, sharper taint analysis, C++20 & more
-
SonarQube 8.9 LTS
June 2021 - Long Term Support version, wrapping-up all the great features of 8.x series. (Developer-led Code Security, integrations for everyone & So. Much. More!)
-
SonarQube 8.8
March 2021 - GitHub Actions PR decoration, better onboarding, super-accurate detection of server-side JavaScript vulnerabilities, security reports & more
-
SonarQube 8.7.1
March 2021 - mono-repos join the family, Bitbucket Cloud & Azure DevOps Services support
-
SonarQube 8.6.1
January 2021 - JavaScript SAST & Azure DevOps Server onboarding
-
SonarQube 8.5.1
October 2020 - Find more vulnerabilities; Code Quality for your unit tests
-
SonarQube 8.4.2
July 2020 - Expanded OWASP Top 10 coverage; faster analysis; hot backups & faster startup
-
SonarQube 8.3.1
April 2020 - Even more Python love, Security Hotspot review enforced on New Code
-
SonarQube 8.2
February 2020 - Security Hotspot review, new project homepage
-
SonarQube 8.1
December 2019 - Quality Gate status in GitLab MRs, pipelines.
-
SonarQube 8.0
October 2019 - GitLab joins the SonarQube family.
-
SonarQube 7.9.6 (former LTS)
July 2019 - Former LTS, wrapping-up all the great features of 7.x series (6 new languages, Application Security, PR decoration etc.).
-
SonarQube 7.8
June 19, 2019 - Developer Centric Application Security tools, more usable Portfolio summaries
-
SonarQube 7.7
March 20, 2019 - Quality Gate in Pull Requests, Injection Flaw rules for PHP & BitBucket Server support
-
SonarQube 7.6
January 28, 2019 - Drop of modules, simplification of Quality Gates, taint detection in collections
-
SonarQube 7.5
December 20, 2018 - Scala and Apex analysis, enhanced security reports & new language rules
-
SonarQube 7.4
October 29, 2018 - Ruby and open-sourced VB.NET analysis, import of issues from 3rd-party Roslyn analyzers
-
SonarQube 7.3
August 13, 2018 - Support for Kotlin and CSS languages, detection of Security Hotspots
-
SonarQube 7.2.1
June 19, 2018 - Analysis of Go code, detection of SQL injections, analysis of pull requests
-
SonarQube 7.1
April 17, 2018 - Homepage selection, project badges, new webhooks console, "New Code" measures without SCM
-
SonarQube 7.0
February 2, 2018 - Live update of project measures and quality gate status, read-only built-in "Sonar way" quality gate
-
SonarQube 6.7.7 (former LTS)
November 8, 2017 - Former LTS, wrapping-up all the great features of 6.x series (Branch analysis, new Projects UI, deeper code analysis with multiple issue locations).
-
SonarQube 6.6
October 20, 2017 - New Measures page, "Edit Quality Profile" permission, enhanced "Projects Management" page, notification for failed background tasks, authentication for Webhooks
-
SonarQube 6.5
August 3, 2017 - Show leak on Projects space, understand the history of a project, read-only built-in quality profiles with highlighting on "Sonar way" ones, onboarding for new users
-
SonarQube 6.4
June 2, 2017 - Tag of projects, enhanced "Projects" page with more details/filters and with visualisations, efficient UX for issue multiple locations, private vs. public projects
-
SonarQube 6.3.1
April 12, 2017 - Project Activity page, remove noise on the leak period for newly activated rules, embed SonarPHP and SonarPython and SonarFlex
-
SonarQube 6.2
December 14, 2016 - New Projects page, consolidated coverage, webhooks, authentication by HTTP header, rating support in Quality Gates
-
SonarQube 6.1
October 13, 2016 - Redesign of the Settings domain, improvements on the project home page, first steps towards clustering
-
SonarQube 6.0
August 4, 2016 - Tracking of file move/renaming, better management of quality profiles and new rules, “Project Creator” permission
-
SonarQube 5.6.7 (former LTS)
June 3, 2016 - Former LTS, wrapping-up all the great features of 5.x series. Leak concept, SonarQube Quality Model, increased Scalability and Security, and always more Developer-Oriented Features
-
SonarQube 5.5
May 3, 2016 - New SonarQube Quality Model, new Measures project page, Compute Engine in a dedicated process
-
SonarQube 5.4
March 9, 2016 - New “Code” page, “My Account” space, cross-module duplications, OAuth API for Identity providers
-
SonarQube 5.3
January 3, 2016 - New project homepage, cross-project duplication, access tokens
-
SonarQube 5.2
November 2, 2015 - Scanners no longer access the database, “My New Issues” notification, technical debt displayed in Issues page
-
SonarQube 5.1.2
July 27, 2015 - UI refresh, issues tags, auto-assignment of issues, new Rules page, Java 7+ support only
-
SonarQube 5.0.1
February 24, 2015 - New Issues page, Git/SVN built-in support, end of Maven 2 support
-
SonarQube 4.5.7 (former LTS)
September 29, 2014 - Former LTS, wrapping-up all the great features of 4.x series. SQALE Rating and Technical Debt Ratio, active severity filter and display of remediation functions for rules page
-
SonarQube 4.4.1
September 26, 2014 - Management of rule templates and custom rules, new Component Viewer, improved multi-language support, built-in Web Service API page
-
SonarQube 4.3
July 31, 2014 - Quality Gate concept replacing Alert concept. Technical Debt UX integration.
-
SonarQube 4.2
March 26, 2014 - Multi-language support, tags for rules, new visual measure filter representations
-
SonarQube 4.1.2
February 20, 2014 - Tracking added technical debt, Elasticsearch integration, Bubble Chart, new “Administer Issue” permission
-
SonarQube 4.0
November 7, 2013 - Technical debt based on SQALE model, issue exclusion/inclusion, code coverage exclusion, project provisioning, end of support of WAR mode
-
SonarQube 3.7.4 (former LTS)
Aug. 14, 2013 - Former LTS, wrapping-up all the great features of 3.x series. Bulk change for issues, ability to save/edit issues filters, new permissions to run analyses, bulk update of project permissions
-
SonarQube 3.6.3
June 26, 2013 - Search engine & changelog for violations, tracking of new coding rules, highlighting of variables/functions in source code viewer
-
SonarQube 3.5.1
April 13, 2013 - Tracking of unit tests, new rules on unit tests, new exclusion settings, enhanced email notifications
-
SonarQube 3.4.1
January 8, 2013 - New service to query measures, ability to compare projects, list of recent projects, alerts on measure variations
-
SonarQube 3.3.2
November 21, 2012 - Support of modules with different languages, overall coverage by unit and integration tests, enhanced file exclusions, new Java rules
-
SonarQube 3.2.1
October 3, 2012 - Technical debt based on SQALE model, issue exclusion/inclusion, code coverage exclusion, project provisioning, end of support of WAR mode
-
SonarQube 3.1.1
June 25, 2012 - Global dashboards, rules for unit tests
-
SonarQube 3.0.1
May 14, 2012 - Encryption of database password, TimeMachine available as widgets, 40 new bugs
-
SonarQube 2.14
March 19, 2012 - Detection of cross-project duplications, user information from third-party systems, email notification on new violations
-
SonarQube 2.13.1
January 31, 2012 - New search engine, ability to change severity, group reviews by action plans, new widgets to track project activity
-
SonarQube 2.12
November 30, 2011 - Support Java7 projects, new hotspot widgets, improve detection of duplications
-
SonarQube 2.11
October 3, 2011 - Encryption of database password, TimeMachine available as widgets, 40 new bugs
-
SonarQube 2.1
August 18, 2011 - Encryption of database password, TimeMachine available as widgets, 40 new bugs
-
SonarQube 2.9
July 18, 2011 - Improve manual code reviews, track Quality Profile changes
-
SonarQube 2.8
May 19, 2011 - Manual code review, analysis of Ant multi-modules projects, new tool to compare Quality profiles
-
SonarQube 2.7
April 1, 2011 - Coverage of recently changed code, better integration of SCM Activity plugin
-
SonarQube 2.6
February 18, 2011 - Ant task and Java standalone task to analyze projects
-
SonarQube 2.5
January 14, 2011 - Differential views, tracking of violations through time, new coding rules for Java projects
-
SonarQube 2.4.1
November 14, 2010 - Customizable dashboards, update center, architecture rules for Java projects
-
SonarQube 2.3.1
October 22, 2010 - Export/import Quality profiles, allow multiple configuration of the same coding rule
-
SonarQube 2.2
July 15, 2010 - User favourites, user filters to define its own queries
-
SonarQube 2.1.2
May 20, 2010 - Search for project usage/dependencies, new rules to detect unused Java private/protected methods
-
SonarQube 2.0
March 10, 2010 - Chidamber and Kemerer Metrics, Dependency Structure Matrix
