Download SonarQube
The leading product for Code Quality and Security
HELPING DEVS SINCE 2008
Version: 9.1
Release: September 2021
The leading product for Code Quality and Security
HELPING DEVS SINCE 2008
Version: 9.1
Release: September 2021
The starting point for adopting code quality in your CI/CD
FREE & OPEN SOURCE
Download for freeAll the following features:
Java, JavaScript, C#, TypeScript, Kotlin, Ruby, Go, Scala, Flex, Python, PHP, HTML, CSS, XML and VB.NET
Maximum Application Security
Maximum value across branches & PRs
Community Edition plus:
Manage your Application Portfolio, enable Code Quality & Security at an Enterprise level.
Developer Edition plus:
High Availability, for global deployments
Enterprise Edition plus:
Long Term Support version, wrapping-up all the great features of 8.x series. (Developer-led Code Security, integrations for everyone & So. Much. More!)
This LTS is the most secure yet!
See features Documentation Release Notes Upgrade Guide Requirements
Download SonarQube 8.9.2 LTS
We're constantly shipping new versions since 2007! If you really need historical packages you'll find them below, however definitely consider upgrading to the latest and greatest.
Show all versions
September 2021 - Product PDFs, JS AWS Lambda taint analysis, Kotlin coroutine rules...
July 2021 - Official Bitbucket Pipes & GitHub Actions, Kotlin security for mobile devs, sharper taint analysis, C++20 & more
June 2021 - Long Term Support version, wrapping-up all the great features of 8.x series. (Developer-led Code Security, integrations for everyone & So. Much. More!)
March 2021 - GitHub Actions PR decoration, better onboarding, super-accurate detection of server-side JavaScript vulnerabilities, security reports & more
March 2021 - mono-repos join the family, Bitbucket Cloud & Azure DevOps Services support
January 2021 - JavaScript SAST & Azure DevOps Server onboarding
October 2020 - Find more vulnerabilities; Code Quality for your unit tests
July 2020 - Expanded OWASP Top 10 coverage; faster analysis; hot backups & faster startup
April 2020 - Even more Python love, Security Hotspot review enforced on New Code
February 2020 - Security Hotspot review, new project homepage
December 2019 - Quality Gate status in GitLab MRs, pipelines.
October 2019 - GitLab joins the SonarQube family.
July 2019 - Former LTS, wrapping-up all the great features of 7.x series (6 new languages, Application Security, PR decoration etc.).
June 19, 2019 - Developer Centric Application Security tools, more usable Portfolio summaries
March 20, 2019 - Quality Gate in Pull Requests, Injection Flaw rules for PHP & BitBucket Server support
January 28, 2019 - Drop of modules, simplification of Quality Gates, taint detection in collections
December 20, 2018 - Scala and Apex analysis, enhanced security reports & new language rules
October 29, 2018 - Ruby and open-sourced VB.NET analysis, import of issues from 3rd-party Roslyn analyzers
August 13, 2018 - Support for Kotlin and CSS languages, detection of Security Hotspots
June 19, 2018 - Analysis of Go code, detection of SQL injections, analysis of pull requests
April 17, 2018 - Homepage selection, project badges, new webhooks console, "New Code" measures without SCM
February 2, 2018 - Live update of project measures and quality gate status, read-only built-in "Sonar way" quality gate
November 8, 2017 - Former LTS, wrapping-up all the great features of 6.x series (Branch analysis, new Projects UI, deeper code analysis with multiple issue locations).
October 20, 2017 - New Measures page, "Edit Quality Profile" permission, enhanced "Projects Management" page, notification for failed background tasks, authentication for Webhooks
August 3, 2017 - Show leak on Projects space, understand the history of a project, read-only built-in quality profiles with highlighting on "Sonar way" ones, onboarding for new users
June 2, 2017 - Tag of projects, enhanced "Projects" page with more details/filters and with visualisations, efficient UX for issue multiple locations, private vs. public projects
April 12, 2017 - Project Activity page, remove noise on the leak period for newly activated rules, embed SonarPHP and SonarPython and SonarFlex
December 14, 2016 - New Projects page, consolidated coverage, webhooks, authentication by HTTP header, rating support in Quality Gates
October 13, 2016 - Redesign of the Settings domain, improvements on the project home page, first steps towards clustering
August 4, 2016 - Tracking of file move/renaming, better management of quality profiles and new rules, “Project Creator” permission
June 3, 2016 - Former LTS, wrapping-up all the great features of 5.x series. Leak concept, SonarQube Quality Model, increased Scalability and Security, and always more Developer-Oriented Features
May 3, 2016 - New SonarQube Quality Model, new Measures project page, Compute Engine in a dedicated process
March 9, 2016 - New “Code” page, “My Account” space, cross-module duplications, OAuth API for Identity providers
January 3, 2016 - New project homepage, cross-project duplication, access tokens
November 2, 2015 - Scanners no longer access the database, “My New Issues” notification, technical debt displayed in Issues page
July 27, 2015 - UI refresh, issues tags, auto-assignment of issues, new Rules page, Java 7+ support only
February 24, 2015 - New Issues page, Git/SVN built-in support, end of Maven 2 support
September 29, 2014 - Former LTS, wrapping-up all the great features of 4.x series. SQALE Rating and Technical Debt Ratio, active severity filter and display of remediation functions for rules page
September 26, 2014 - Management of rule templates and custom rules, new Component Viewer, improved multi-language support, built-in Web Service API page
July 31, 2014 - Quality Gate concept replacing Alert concept. Technical Debt UX integration.
March 26, 2014 - Multi-language support, tags for rules, new visual measure filter representations
February 20, 2014 - Tracking added technical debt, Elasticsearch integration, Bubble Chart, new “Administer Issue” permission
November 7, 2013 - Technical debt based on SQALE model, issue exclusion/inclusion, code coverage exclusion, project provisioning, end of support of WAR mode
Aug. 14, 2013 - Former LTS, wrapping-up all the great features of 3.x series. Bulk change for issues, ability to save/edit issues filters, new permissions to run analyses, bulk update of project permissions
June 26, 2013 - Search engine & changelog for violations, tracking of new coding rules, highlighting of variables/functions in source code viewer
April 13, 2013 - Tracking of unit tests, new rules on unit tests, new exclusion settings, enhanced email notifications
January 8, 2013 - New service to query measures, ability to compare projects, list of recent projects, alerts on measure variations
November 21, 2012 - Support of modules with different languages, overall coverage by unit and integration tests, enhanced file exclusions, new Java rules
October 3, 2012 - Technical debt based on SQALE model, issue exclusion/inclusion, code coverage exclusion, project provisioning, end of support of WAR mode
June 25, 2012 - Global dashboards, rules for unit tests
May 14, 2012 - Encryption of database password, TimeMachine available as widgets, 40 new bugs
March 19, 2012 - Detection of cross-project duplications, user information from third-party systems, email notification on new violations
January 31, 2012 - New search engine, ability to change severity, group reviews by action plans, new widgets to track project activity
November 30, 2011 - Support Java7 projects, new hotspot widgets, improve detection of duplications
October 3, 2011 - Encryption of database password, TimeMachine available as widgets, 40 new bugs
August 18, 2011 - Encryption of database password, TimeMachine available as widgets, 40 new bugs
July 18, 2011 - Improve manual code reviews, track Quality Profile changes
May 19, 2011 - Manual code review, analysis of Ant multi-modules projects, new tool to compare Quality profiles
April 1, 2011 - Coverage of recently changed code, better integration of SCM Activity plugin
February 18, 2011 - Ant task and Java standalone task to analyze projects
January 14, 2011 - Differential views, tracking of violations through time, new coding rules for Java projects
November 14, 2010 - Customizable dashboards, update center, architecture rules for Java projects
October 22, 2010 - Export/import Quality profiles, allow multiple configuration of the same coding rule
July 15, 2010 - User favourites, user filters to define its own queries
May 20, 2010 - Search for project usage/dependencies, new rules to detect unused Java private/protected methods
March 10, 2010 - Chidamber and Kemerer Metrics, Dependency Structure Matrix