SonarQube for IDE: Visual Studio Code v4.3 enhances the combined power of SonarQube for IDE and SonarQube Server while streamlining the setup process.

Now, a one-click connection setup and project binding option will be shown to a SonarQube for IDE: Visual Studio Code developer utilizing the SonarQube Server “Open in IDE” button to investigate an issue directly in their VS Code IDE. This functionality, which requires SonarQube Server v10.4, assists developers in rapidly examining and resolving issues using SonarQube for IDE directly in their VS Code IDE.

Plus, with their SonarQube for IDE: Visual Studio Code v4.3 connected to SonarQube Server v10.4, developers can now detect custom secrets in their code, directly in their IDE. Using custom rules based on secret patterns defined in SonarQube Server allows developers to spot secrets before they can be leaked into repositories. (Requires SonarQube Server Enterprise or Data Center Edition).

Also, when using connected mode to SonarQube Cloud or SonarQube Server v10.4, it is now possible to mark an issue as “Accepted”. This results in the unresolved issue becoming part of the project’s technical debt.

In addition:

• 8 new Kubernetes rules
• Support for TypeScript 5.3

Discover more with our release notes and community announcement. For more details on how to set up connected mode check here.

SonarQube for IDE: Visual Studio Code v4.2 delivers advanced Python rules for users in connected mode. 

SonarQube for IDE now has access to 9 rules to detect advanced issues in your Python code that may cause your programs to crash. 

Previously only available in SonarQube Server and SonarQube Cloud branch and pull request analysis, you can now benefit from these rules directly in your IDE (requires connected mode), enabling you to detect and resolve these advanced issues early, and before sending a pull request or running unit tests.

Plus:

• In-product changes to highlight the additional team benefits available when using SonarQube for IDE in connected mode with SonarQube Cloud and SonarQube Server
• 17 new JavaScript rules for JSX

For a list of the 9 rules and further details, check out our release notes and community announcement.

SonarQube for IDE: Visual Studio Code v4.1 brings support for additional languages and Cloud technologies.

SonarQube for IDE will now detect and help you fix issues in T-SQL files. Available in connected mode with SonarQube Cloud, and commercial editions of SonarQube Server.

In addition, SonarQube for IDE is also able to detect issues in AzureResourceManager templates and Bicep files.

Plus:

• Support for Python 3.12 syntax, and 4 new rules related to Python 3.12 features.
• 9 Java rules for Spring Boot.
• Support for .Net 8 and C# 12

For further details, check out our release notes and community announcement.

SonarQube for IDE: Visual Studio Code v4.0 brings initial support for C# analysis, plus further benefits when using SonarQube for IDE in connected mode to SonarQube Cloud and SonarQube Server.

We are excited to announce support for C# analysis, available both in standalone or connected mode to SonarQube Server and SonarQube Cloud. The most requested feature in our roadmap this initial support is designed to help those developing .NET applications to create clean code.

In addition, we have also added additional team benefits - available when using SonarQube for IDE in connected mode:

With SonarQube Server v10.3, you can now open any issue you’re investigating in SonarQube Server directly into the IDE, with just a click of a button, thanks to connected mode. This allows you to leverage SonarQube for IDE’s dataflow navigation, rule descriptions, and quick fixes for efficient issue investigation and resolution.

Using connected mode to SonarQube Cloud, any issue or status change (e.g. Won’t Fix, False Positive) made in SonarQube Cloud will be instantly synchronized to your IDE, ensuring you can focus on relevant issues.

Plus:

• 6 Java rules dedicated to the Spring framework
• 5 Python rules 2 for the Pandas library
• Many new JavaScript and TypeScript rules for React

Lastly, please be advised that we are raising the minimum required Java runtime version to 17. See here for more details.

For further details, check out our release notes and community announcement.

In SonarQube for IDE: Visual Studio Code v3.2, we deliver a new feature supporting the Sonar Clean as You Code methodology. Plus we have extra rules to detect secrets directly in the IDE, the option to configure file or directory exclusions, and new rules for Data Scientists and Dockerfiles!

SonarQube for IDE is pairing up with SonarQube Server and SonarQube Cloud to deliver the “Focus on new code” feature. Enabled, this empowers you to focus only on issues in your new code (ie code that has been added or changed, according to your new code definition.) Supporting the Sonar Clean as You Code approach, this powerful feature is available when SonarQube for IDE is working together with SonarQube Server or SonarQube Cloud in connected mode. Learn how here.

In addition, we have incorporated 42 new rules to detect secrets (API tokens, passwords) within your Cloud applications. This enables the immediate detection of secrets in your code as you add or copy/paste them, before you commit or push the code into a repository. This proactive approach not only boosts confidence in your code but also minimizes exposure.

This latest addition brings the total to 100 different types of secrets spanning 60 cloud providers.

Plus:

• An option to configure file or directory exclusions for SonarQube for IDE analysis to avoid scanning generated or third-party code. See how here.
• 8 new Python rules (and 3 quick fixes) to help you write clean scientific code using NumPy
• 12 new rules to write intentional and consistent Dockerfiles

For further details, check out our release notes and community announcement.

In SonarQube for IDE: Visual Studio Code v3.21, we introduce the adoption of Clean Code attributes to categorize issues, enhanced secret pattern detection, and improved teamwork features together with SonarQube Server.

Firstly, we have made various product changes in alignment with our Clean Code vision. For each issue raised in your code, SonarQube for IDE will report the Clean Code attribute and software qualities impacted.

In addition, and leveraging a new Sonar open-source secret detection engine, this version delivers a powerful approach to identifying potential security vulnerabilities related to secrets (tokens, passwords, API keys). SonarQube for IDE can now detect secrets for an additional 22 popular cloud applications and providers.

On top of this, for SonarQube Server 10.2 users, we’ve added the capability to change the status of issues you will not fix in code that has yet to be analyzed by SonarQube Server.

Plus:

• COBOL support is now fully released!
• 9 new core Python rules
• Support for PHP 8.3
• Enhanced SonarQube for IDE documentation is now available here

For further details, check out our release notes and community announcement.

In SonarQube for IDE: Visual Studio Code v3.20, we introduce a walkthrough feature for new users plus many new rules!

Designed to help new users extract maximum value from SonarQube for IDE, the new walkthrough feature is automatically displayed when installing SonarQube for IDE for the first time. It is also available anytime via the command palette: search “Welcome Open Walkthrough…” and then select “Welcome to SonarQube for IDE!”

In addition, we’ve added new MISRA C++ 2023 rules to support mission-critical software environments.

Plus:

• New rules for C and C++ to detect tricky bugs
• Improvements to the accuracy of our analysis in Python and Java

For further details, check out our release notes and community announcement.

In SonarQube for IDE for VS Code v3.19, users can directly change the status of issues and hotspots in the IDE, plus analysis of COBOL is now available!

With this release we extend the benefits of connected mode further, enabling you to interact with the status of an issue or a Security Hotspot without leaving your IDE to:

• Resolve an issue as Won't Fix or False Positive
• Mark a Security Hotspot as Safe or Fixed following the review

Any changes made to the status of an issue or hotspot in VS Code will be synchronized with SonarQube Server, SonarQube Cloud, and all other contributors using SonarQube for IDE in connected mode.

Additionally, we are introducing a beta version of COBOL analysis, now available for users connected to SonarQube Cloud or to SonarQube Server (Enterprise edition or higher).

Plus:

• 5 new rules for core JavaScript & TypeScript concepts
• Support for TypeScript 5

For further details, check out our release notes and community announcement.

SonarQube for IDE: Visual Studio Code v3.18 delivers support for Security Hotspots to SonarQube Cloud users, plus enhancements to rule descriptions with syntax highlighting for code examples, and new TypeScript, Python, and Java rules.

With this release, as well as bringing support for Security Hotspots to SonarQube Cloud users, we've introduced the ability to view a list of unreviewed Security Hotspots outside of the currently open file. Selecting the "In Whole Folder" option instructs SonarQube for IDE to scan every file in the folder currently open in VS Code, providing the opportunity to review all pending hotspots at one time. Discover more here.

In addition, to help developers understand and implement fixes based on contextual code examples, we've added syntax highlighting. Plus, for some rules, there is now code diff highlighting in our rule descriptions, which is being progressively rolled out across all rules.

And

• A new Java rule linked to static methods introduced in Java 19
• New rules for TypeScript that enhance our support for TS built-ins
• 6 new Python rules for the Django framework

For further details, check out our release notes and community announcement.

SonarQube for IDE: Visual Studio Code v3.17 empowers developers to write Clean Code for IaC domains, plus brings a new format for the Rule Help feature and more!

With this release, SonarQube for IDE can analyze the following IaC files:

• Terraform
• CloudFormation
• Docker
• Kubernetes

With a focus on Security Hotspots, available in SonarQube for IDE when used in connected mode to SonarQube Server 9.7+, developers can create Clean Code for these popular Infrastructure as Code domains.

In addition, this release brings a new format for the Rule Descriptions with educational information to enhance the developer experience.

Now, when clicking on an issue's code in the Error List, you will be presented with contextualized guidance as follows:

Why this is an issue | How to fix it | More info 

Initially available for the top 15 security vulnerabilities, this feature is being progressively rolled out for all remaining rules, helping developers learn as they code.

Plus:

• New Python rules and quick fixes related to type hints and regular expressions.
• 3 Java rules that cover design and architecture good practices for Monster Class, Brain Method, and Singleton.

For further details, check out our release notes and community announcement.