What's New in SonarQube

Whether you’re evaluating a jump to the latest release or just want a stroll down memory lane - here’s what’s new over the past several releases.

22nd Nov, 2021

SonarQube 9.2: CloudFormation & Terraform, Python Lambda taint analysis; Android rules and more

IaC security: CloudFormation, Terraform analysis

New cloud-native support: Find security problems in Terraform, CloudFormation IaC files

Taint analysis for Python AWS Lambdas (Developer, Enterprise and Data Center Editions)

Protect the critical business logic in your Python AWS Lambdas with taint analysis.

Secure your Android development across languages

New rules for Kotlin, Java and XML, plus better support for the mobile development workflow.

Advanced regex rules for Kotlin, Python

Regular expressions can be tricky regardless of language. These rules help you get them right.

Metric badges for private projects

Publish your Quality Gate or coverage status to all concerned

20th Sep, 2021

SonarQube 9.1: Product PDFs, JS AWS Lambda taint analysis, Kotlin coroutine rules...

Project PDF reports (Enterprise and Data Center Editions)

Delivered daily to your inbox. Plus CWE 2021 report & full issue export

Taint analysis for JavaScript AWS Lambdas (Developer, Enterprise and Data Center Editions)

Protect the critical business logic in your JavaScript AWS Lambdas with taint analysis.

Kotlin rules for coroutines, data storage and privacy

New rules to help you avoid coroutine pitfalls & follow MASVS privacy requirements.

Advanced regex rules for JS/TS, PHP

It's easy to mess up a regular expression. Now it's easy to find & fix the problem.

Beta: Manage your cluster with K8S (Data Center Edition)

DCE users, this is what you've been waiting for: the official K8S support beta!

5 July, 2021

SonarQube 9.0: Official Bitbucket Pipes & GitHub Actions, Kotlin security for mobile devs, C++20

Official Bitbucket Pipes & GitHub Actions

Full support for Bitbucket Cloud, plus official Pipes & GitHub Actions

Kotlin security for mobile development

Helping Kotlin developers secure their Android apps from the start

Taint analysis precision honed across languages (Developer, Enterprise and Data Center Editions)

Improved detection eliminates false positives, false negatives across languages

C++20 parsing, rules & Compilation Database support (Developer, Enterprise and Data Center Editions)

Parsing of significant C++20 features & 18 rules. Analysis support for Compilation Database.

4th May, 2021

SonarQube 8.9 LTS: Developer-led Code Security, integrations for everyone & So. Much. More!

Developer ownership of Code Security

SonarQube LTS: Better than ever
SAST added for JavaScript, TypeScript, Python, C & C++. With more rules, better detection and improved workflows for all!

In-cloud? On-prem? Your platform is covered!

From project setup to failing the pipeline, we've got integrations wherever your code lives

Operating SonarQube is easier than ever

Official Docker support, plus image hardening, hot DB backups & faster recovery.

Python gets full support

In-depth analysis & high performance with minimal config. Plus frameworks, types & Python 3.9

C++ brings the rules & performance developers want (Developer, Enterprise and Data Center Editions)

Comprehensive coverage of the C++ Core Guidelines, a broad set of C++17-specific rules.

1 April, 2021

SonarQube 8.8: GitHub Actions, server-side JavaScript vulnerabilities, security reports & more

PR decoration for GitHub Actions
Available on Developer, Enterprise and Data Center Editions

Onboarding plus branch analysis and PR analysis and decoration.

Fail Bitbucket Cloud pipelines

Now you can fail your Bitbucket Cloud pipeline for an analysis that fails its Quality Gate

Onboarding for C, C++, C# & Gitlab + Jenkins

New onboarding tutorials for Gitlab users on Jenkins, and for C, C++ and C# users

JS SAST finds Node.js, Express.js vulnerabilities

Most major server-side injection vulnerabilities are detected in Node.js and Express.js

Expanded Security reporting + PDF format (Enterprise and Data Center Editions)

New reports for CWE Top 25 - 2019 & 2020 versions - and a PDF version of the top reports.

25 February, 2021

SonarQube 8.7: Bringing more SAST to JavaScript, mono-repos join the family, Bitbucket Cloud & Azure DevOps Services support

JavaScript SAST analysis - part deux!

More JavaScript SAST - this release brings detection for additional vulnerability types.

Coverage for OWASP Top 10 / CWE Top 25

Find the worst offenders - 80%+ detection for Java, JavaScript, C & C++ (some rules require commercial edition)

Write clean, quality PHP

Find vulnerabilities in PHP Core, Symfony & Laravel.

Bitbucket Cloud & Azure DevOps Services integration

Analyze your cloud-based code living in Bitbucket and Azure DevOps locations.

Rules covering C++17
Available on Developer, Enterprise and Data Center Editions

Take full advantage of C++17 without introducing code quality issues

7 December, 2020

SonarQube 8.6: JavaScript SAST & Azure DevOps Server onboarding

JavaScript SAST analysis

Cryptography, privacy & HTTP header rules. And in Developer Edition detection of SQL & path injection.

Azure DevOps Server onboarding
Available on Developer, Enterprise and Data Center Editions

Onboard your ADO projects in just a few simple steps & settings validation for all ALMs.

Direct IDE link for Security Hotspots

Handling Security Hotspots gets even easier with a new link to the code location in-IDE.

Reading your PHP type hints means more accurate analysis
Available on Developer, Enterprise and Data Center Editions

No more guessing at your variable types! Analysis now uses your hints for better accuracy.

Better C++ standards support
Available on Developer, Enterprise and Data Center Editions

Standard-specific rules only turn on when you compile to that version of the standard, plus new C++17 rules.

October 9th, 2020

SonarQube 8.5: Find more vulnerabilities; Code Quality for your unit tests

Plenty of C++ love

Lots of C/C++ rules covering buffer overflows, authentication weakness & Core Guidelines
Available on Developer, Enterprise and Data Center Editions

Improved taint analysis engine
Available on Developer, Enterprise and Data Center Editions

Improved accuracy & fewer FPs in Java, C# & PHP with RIPS Tech inspired upgrades.

Write clean, quality test code

Just because it's test code doesn't mean it shouldn't be quality code. New rules check Java & PHP unit tests.

Detect more C# vulnerabilities
Available on Developer, Enterprise and Data Center Editions

Find XSS vulnerabilities in Razor and ASP.NET Core MVC.

Lots more good stuff!

Java 14 support, simpler analyzer packaging and more rules!

July 7th, 2020

SonarQube 8.4: Expanded OWASP Top 10 coverage; faster analysis; hot backups & faster startup

Python adds XSS detection, 4 more OWASP Top 10 categories

Find disabled auto-escaping to fight XSS (OWASP A7), & new rules for A2, A3, A4, A6

XXE for C, C++ and the use of insecure functions (Developer, Enterprise and Data Center Editions)

Detect the use of common but inherently insecure functions, & prevent XXE vulnerabilities.

Insecure deserialization detection for Java and C#

Find & fix OWASP A8 flaws, the impact of which "cannot be overstated", in Java & C#.

Hot backups, faster startups

Faster disaster recovery - SonarQube's now available during reindexing, & hot DB backups.

New rules, new compilers, faster analysis

New rules in Java, PHP; faster C, C++, C# analysis; lots more compilers for C, C++.

April 30, 2020

SonarQube 8.3: The Python love continues!

New Python rules find many common errors

Plus rules to detect vulnerabilities from arbitrary code injection/execution
Available on Developer, Enterprise and Data Center Editions

Enforce Security Hotspot review before you merge

The Security Hotspots metric on New Code is now enforced in the built-in SonarWay Quality Gate.

Updated Branch/PR decoration in GitHub & GitLab (Developer, Enterprise and Data Center Editions)

Security Hotspots reviewed is now displayed as its own metric; analysis results are decorated in the GitHub Conversations tab.

Spot XSS vulnerabilities in frameworks (Developer, Enterprise and Data Center Editions)

SonarQube v8.3 extends XSS injection flaw detection to several common frameworks. JSP and Spring are covered for Java; Razor and ASP.NET Core MVC are added for C#.

And much more!

Auto branch/PR detection in Jenkins, buffer overflow rules for C++ and more rules in more languages...

February 26, 2020

SonarQube 8.2: Security Hotspot review, for the win

Security Hotspot review and rating

A dedicated new UI to help you make sure your code is safe.

New Code-focused project homepage

The project homepage has been entirely redesigned to help you focus on keeping New Code clean.

Python Code Security: Kicking asp and taking names

Huge strides, including 16 new security-related rules and a new total of 100 rules in all.

Security improvements for Java and C#

Additional Security Hotspots rules for Java, expanded XXE detection for C#, and in commercial editions, improvements to taint analysis for both languages.

And much more!

Easier configuration of PR/MR decoration, official Docker images, more accurate Java analysis, ...

December 16, 2019

SonarQube 8.1: GitLab™ integration gets even better!

Quality Gate status in GitLab pipelines, MRs (Developer, Enterprise and Data Center Editions)

Quality Gate status in Merge Request comments in all GL editions.

New rules set stage for Python leaps

This version adds 26 new rules and the building blocks for significant future development.

Spring dependency injection, C# 8 support added (Developer, Enterprise and Data Center Editions)

Taint analysis now supports Spring dependency injection, the Java factory pattern and C#8. Injection flaws have fewer and fewer places to hide!

Better C++ Core Guidelines, MISRA compliance (Developer, Enterprise and Data Center Editions)

26 new rules increase the coverage of the C++ Core Guidelines and of MISRA C++ 2008.

And much more!

Support for multiple instances of an ALM (Enterprise Edition), GitHub.com support, additional language versions and lots more rules!

October 16, 2019

SonarQube 8.0: GitLab joins the SonarQube family

GitLab Merge Request Analysis

GitLab™ integration arrives
Support for automatic branch and merge-request analysis arrives.

Easy log in for GitLab users

Delegated authentication and group membership synchronization

Precise management of the New Code Period

Set your New Code Period baseline via web services or through the UI.

+68 More Rules

Check out the language updates bundled with SonarQube 8.0

July 1, 2019

SonarQube 7.9 (former LTS): All the great features since the 6.7 LTS and built for long-term support

Developer Led App Security

Static Application Security Testing (SAST) for everyone
With SonarQube, your development team gets security feedback and guidance during code review.

New Languages

We've added support for six more popular languages.

Tight ALM Integration

Deep support for 3 powerful ALM solutions. You get visibility to all the key metrics right where it counts.

Analyze Branches & Decorate Pull Requests
Available on Developer, Enterprise and Data Center Editions

Check the quality of your Pull Requests and branches directly in SonarQube. Only commit clean, safe code.

+Hundreds More Rules

Check out the language updates bundled with SonarQube 7.9

June 19, 2019

SonarQube 7.8: Developer Centric Application Security tools and more usable Portfolio summaries

Detect Security Issues in Code Review

Security threats don’t always present as no-brainers. SonarQube helps developers spot areas of concern and offers next-step guidance.

Navigate and Comprehend Vulnerabilities Like a Pro
Available on Developer, Enterprise and Data Center Editions

Navigate complex data flows with improved vulnerability assessment UI.

Detect Security Hotspots in PRs and Branches
Available on Developer, Enterprise and Data Center Editions

Spot the bad actors hiding in your Pull Requests and Short-lived Branches.

Usable Portfolio PDFs
Available on Enterprise and Data Center Editions

Concise PDFs, containing actionable data, that are easy to embed in presentations.

+120 More Rules

Check out the language updates bundled with SonarQube 7.8

March 20, 2019

SonarQube 7.7: Quality Gate in Pull Requests, Injection Flaw rules for PHP & BitBucket Server support

Quality Gate in Pull Requests (Developer, Enterprise and Data Center Editions)

Pull Requests and Short-lived Branches get a real Quality Gate status joining duplication and test coverage metrics.

Support for GitHub Checks & BitBucket Code Insights
Available on Developer, Enterprise and Data Center Editions

Clear Code Quality section in the PR, where it matters most.

Injection Flaw Detection in PHP
Available on Developer, Enterprise and Data Center Editions

Now there are fewer languages where the bad guys can hide.

Find More Vulnerabilities
Available on Developer, Enterprise and Data Center Editions

More injection rules for C# and Java; Security Hotspot detection for JavaScript and Python.

+89 More Rules

Check out the language updates bundled with SonarQube 7.7

Jan 28, 2019

SonarQube 7.6: Smarter UX, increased security and new language rules

Code Quality Tracks Your Project Structure

The structure of a project with Code Quality
SonarQube 7.6 drops the concept of modules and keeps things simple with your file directory layout.

Quality Gates, Simplified

We’ve made it more straightforward to configure your Quality Gate and easier to understand in practice.

Tracking Untrusted Data from More C# Frameworks
Available on Developer, Enterprise and Data Center Editions

Track untrusted input coming from more frameworks: WCF, Winforms, ASP.NET WebForms & PetaPoco.

Tracking Insecure Data Through Collections
Available on Developer, Enterprise and Data Center Editions

SonarQube 7.6 checks collections for tainted data so you’ll find them before they’re used in APIs where attacks can happen.

+33 new rules

Check out the language updates bundled with SonarQube 7.6

Dec 20, 2018

SonarQube 7.5: Scala and Apex analysis, enhanced security reports & new language rules

Scala and Apex Join the Languages Family!

Compatible with Scala programming language and Apex programming language
With the addition of Scala and Apex, we’ve added 6 major languages in 6 months.

Fine Tune Security Reports

Keep your security settings in tip top shape without digging through screens and menus.

+24 new rules

Check out the language updates bundled with SonarQube 7.5

Duplication Metric on Short-lived Branches and Pull Requests
Available on Developer, Enterprise and Data Center Editions

SonarQube 7.5 shows you duplication issues on short-lived branches and pull requests.

Oct 29, 2018

SonarQube 7.4: Ruby analysis, .NET for all and much more

Ruby Analysis Has Arrived!

Compatible with Ruby programming language
More than 40 new rules, cognitive complexity and duplication detection - Ruby developers now have a code quality tool to call their own!

VB.NET Available for Everyone

SonarSource deepens its embrace of the .NET community by open-sourcing VB.NET analysis - available in the Community Edition.

Detect Security Hotspots in More Languages

In version 7.4, coverage is expanded to include VB.NET and C#.

JaCoCo Coverage

Import JaCoCo coverage reports (XML format) into your Kotlin and Java projects.

Consolidate All Reports From Your Roslyn Analyzers

SonarQube 7.4 is flexible and lets you automatically import their issues with zero configuration required.

+58 new rules

Check out the language updates bundled with SonarQube 7.4

Aug 13, 2018

SonarQube 7.3: Analyze Kotlin, CSS and chase down vulnerabilities like a pro

Kotlin and CSS Join the Party

Cognitive complexity and duplication detection
Enjoy 50 new rules, cognitive complexity and duplication detection.

Chase Down Security Vulnerabilities

SonarQube can now detect Security Hotspots and prompt for developer review.

More Java and PHP Rules

SonarQube 7.3 includes several new Java and PHP rules.

Branches for Applications
Available on Enterprise and Data Center Editions

Monitor the quality of branches in your Applications.

June 18, 2018

SonarQube 7.2: Analyze Go code, detect SQL injections and hook up external analyzers

Analysis of Go Code

Detecting issues in Go programming language
Go is now supported by SonarQube, providing 40+ rules, cognitive complexity and duplication detection.

Welcome External Analyzers

SonarQube 7.2 introduces a generic way to import issues found by 3rd-party analyzers.

Security Analysis
Available on Developer, Enterprise and Data Center Editions

SonarQube can now analyze your code for injection vulnerabilities in Java and C#.

Pull Request Analysis
Available on Developer, Enterprise and Data Center Editions

Check the quality of your Pull Requests directly and benefit from inline comments in GitHub Enterprise and Azure DevOps.

Embedded Docs

All important concepts and explanations are now available directly in the SonarQube UI.