What’s new

We are excited to announce that you can now scan your Dockerfiles with SonarQube Cloud!

See all the details in the Community post.

Today we've enabled faster pull (merge) request analysis for all languages*.

Before, when a branch or a pull request was scanned, the analysis included all the files in your repository to ensure accuracy and only raise true positives. Now, on pull requests, only the content in the PR is scanned using an analysis methodology that minimizes the false positive rate.

On average, you can expect your pull request analysis to finish at least 50% faster however, it can be more depending on the size and language(s) in your pull requests. 

See all the details on the Community post.

* this will come soon for C++ and .NET.

We are happy to announce the rollout of our new rules format which helps you quickly and efficiently fix vulnerabilities in your code. This new format focuses on giving you the what, why and how (to fix) info around the issue so you can fix it and learn some new tricks for your developer toolkit!

• Get step-by-step instructions with just the information you need right now, in context, to solve the issue fast
• Dig into in-depth, educational and contextualized guidance to avoid similar issues in future
• Learn about and understand new vulnerability types

…all in the same tool and workflow you are already using every day. 

We have started with the top 15 security vulnerabilities - more to come soon! Learn more

Make the most of the C++20's `std::format` feature! Use SonarQube Cloud's static analysis which now includes 13 coding rules dedicated to this feature. Learn more

Set your analysis up in seconds by adding a few lines to your pipeline configuration! A new GitHub action has been released to analyze your C, C++, and Objective-C code. Learn more

Analyze the inline JavaSript and TypeScript code inside YAML for AWS::Lambda::Function and AWS::Serverless::Function and get your AWS CDK code more secure! Learn more