We have added DISA Application Security and Development (ASD) STIG and Cloud Application Security Assessment (CASA) security reports to the SonarQube Cloud Enterprise plan.

See also the Community announcement for further details.

SonarQube Cloud now supports multi-language analysis via the SonarScanner for .NET.

Now, a single scan can analyze your entire repository.

Plus, for JS and TS files the scanner auto-detects test files, meaning you can now analyze a typical .NET backend + JS/TS frontend application with a single scan.

See also the Community announcement for details of languages supported and set up guide.

SonarQube Cloud can now detect even more secret patterns.

Learn more here.

We just launched two new plans on SonarQube Cloud that will replace our existing offering.

The Enterprise plan delivers a range of advanced features offering mission-critical flexibility, scalability, and performance. Available now as an early access program with the following key features:

• SSO through SAML
• Enterprise hierarchy to group multiple organizations
• Management reporting through Portfolios, security reports, and project reports
• Organization-wide project configuration

The Team plan replaces the current paid plan. The Team plan delivers essential capabilities for small development teams and businesses, both from an ecosystem integration and collaboration perspective. Some features of the current paid plan have moved to the Enterprise plan and will not be available with the Team plan:

• Enterprise-specific languages (ABAP, COBOL, RPG, PL/I, Apex)
• GitHub Advanced security integration
• Organization-level project management
• Quality Profile permission delegation

Please visit this blog or Community post for more information. You can also read the new plans FAQ.

You can now open an issue you are investigating in SonarQube Cloud into your preferred IDE (VS Code, JetBrains IDEs, Visual Studio, and Eclipse) to fix it.

In connected mode, SonarQube for IDE will automatically open the correct file, and bring the focus to the line of code containing the issue.

Discover more here.

We have enhanced the integration of SonarQube Cloud with Amazon CodeCatalyst.

CodeCatalyst can now trigger the SonarQube Cloud scan action during pipeline execution to automate code analysis. This will help you catch issues early and deliver high-quality software.

Learn more here