SonarQube Cloud has launched support for the Rust programming language.

This initial release emphasizes helping you write maintainable code.

Features include:

• 85 Clippy rules you can use in your Quality Profile
• Code coverage ingestion (LCOV and Cobertura format)
• Cognitive Complexity and Cyclomatic Complexity metrics

Rust analysis currently requires CI-based analysis, with cargo and Clippy needed on the analysis machine.

Additional details are available in the Community post.

SonarQube Cloud Team and Enterprise plan users can now experience enhanced flexibility and power in automated code remediation. We've expanded our AI CodeFix capabilities by introducing support for additional Large Language Models (LLMs), allowing you to select either Claude 3.5 Sonnet or Claude 3.7 Sonnet for generating code suggestions. This choice gives you greater control to tailor the AI assistance to your specific project needs and preferences.

Alongside the introduction of selectable LLMs, we have also increased the number of rules covered by AI CodeFix. This means SonarQube Cloud can now provide automated fix suggestions for an even wider array of code quality and code security issues, streamlining your workflow and helping you resolve problems more efficiently.

These enhancements are now available to all users on our Team and Enterprise plans.

 Additional details are available here and in this Community post.

SonarQube Cloud Enterprise now provides a centralized view of code security issues across multiple projects at the Portfolio level, saving you time and eliminating the need to check individual project reports.

It offers a comprehensive security snapshot, instant risk clarity to understand which portfolios are most at risk, as well as drill-down capabilities, accessible via a new Security Report tab in the Portfolios section. 

This feature is available with the Enterprise plan. Additional details are available in the Community post.

We've launched a major update, expanding to 307 secret patterns with 255 rules, including 132 new rules. 

Share feedback on any noisy rules here.

To learn more, check out this Community announcement.

Quickly analyze your JavaScript and TypeScript projects with npm @sonar/scan, using the tools you already know.

We recommend switching to the npm package @sonar/scan to analyze your projects with SonarQube Cloud.

To learn more, check out this Community announcement.

We’re excited to announce improvements to our Go language analyzer, with a focus on security. We’ve introduced 24 foundational security rules to help you write secure, high-quality Go code. These new rules check for security hotspots and vulnerabilities. 

This is just the beginning—more rules are on the way to further enhance your code security.

To learn more, check out this Community announcement.