Our journey this year
We launched SonarQube for IDE (formerly known as SonarLint) with a simple vision: writing secure and high quality code should begin right in your IDE. We are committed to becoming your go-to coding companion. Our extensions are designed to be easy to use, have minimal impact on your IDE’s performance, and provide a comprehensive analysis and learning experience, going beyond just a basic linter.
The SonarQube for IDE team has worked hard this year to enhance the developer experience across each of our supported IDEs, focusing on streamlining the UX for teams, harnessing the power of SonarQube Server and Cloud through connected mode into your IDE, and making it even easier to focus on new code. Our goal is to enable you to create code that is secure and of high quality from the get go, using one comprehensive solution.
Here are some highlights from the many enhancements we delivered during 2024.
Share the connected mode setup within your team
One area of focus during 2024 was to make it easier to share a configuration between team members, allowing everyone to share the value of connecting SonarQube for IDE with SonarQube Cloud and Server. With SonarQube for IDE connected mode, you can now sync your analysis rules in the IDE with your CI Quality Profile and share this configuration with your team so that everybody is set up for success. Other team members using SonarQube for IDE will find the binding details in the project’s source folder and receive a notification to bind the project automatically.
Seamless Issue Management
Managing issues efficiently is vital for maintaining high code quality, and we have made significant strides in this area for SonarQube Server and Cloud users that are using connected mode. Last year, we added the possibility to open issues from SonarQube Cloud in the IDEs, which makes it easier to address the found issues, similar to the experience with SonarQube Server.
In addition, you can edit an issue status in the IDE by marking it as “Accepted” or “False Positive” and treating it later as a technical debt. Take advantage of this to address what is most critical first and focus on what’s important for your team.
Leveraging the power of AI
Finally, we made a step forward to fixing the issues we are raising, by suggesting AI-generated fixes after a PR analysis or a project scan and opening the fix suggestions in the IDE.
Security in the IDE
Security good habits should start in the IDE. For this we enriched the secrets detection by also detecting custom secrets you defined in SonarQube Server and Cloud. We also added the capability of scanning Helm files with Kubernetes. Learn more about secrets and infrastructure as code analysis support here.
Focus on new code
Ever felt overwhelmed with the volume of issues in your code, and don’t know where to start? Don’t worry, we have you covered. We recommend focusing first on new code, and can help you with this. Easily switch on the option “Focus on new code” and filter issues based on their date of introduction and either a 30 days time window when using SonarQube for IDE in standalone or the New Code Definition you set in SonarQube Cloud or Server (introduced in all IDEs except Visual Studio). It’s a great feature to help you see the wood from the trees, and make real progress towards clean code.
Performance improvements
We aim to provide an on-the-fly analysis experience that doesn’t impact your IDE flow. For this, we needed to focus our efforts on optimizing the analysis and we managed to speed it up, starting with Javascript. Other optimizations have improved the extensions’ memory consumption, for example by reducing the use of temporary files and a better cleaning of the .sonarlint folder.
Language analysis
Finally, SonarQube analyzers always evolve to provide more rules adapting to the latest language updates and covering new frameworks. SonarQube for IDE brings you the latest rules, and among notable additions last year we added support for advanced Java and Python rules in JetBrains, VS Code and Eclipse. We also added support for Java 22, C++20, MISRA C++2023 rule, .NET 9 and Jupyter Notebooks python code!
What’s next
This year we will continue our work on making the analysis experience as smooth as possible. We aim to bring the JS analyzer improvements to other language analyzers and to support more language analysis such as Dart and Flutter, T-SQL and HTML in Visual Studio, etc.
We also plan to extend our remediation capabilities by offering AI CodeFix suggestions in the IDE and more.
And of course, we would like to address the most voted requests from you, our dear community members, in our roadmap. It remains the place to tell us about the features you would like to see, and to upvote others.
2024 was a busy year, and we will maintain our momentum into 2025, always with a focus on you, the developer. Stay tuned to our product news in our what’s new page and reach out to us via our community forum for any help or clarifications needed.