SonarQube Server Shows You the Benefits of Clean Code and the Clean as You Code Methodology
Pull Requests Show Issues That Will Be Fixed When Merged
Eliminate the guesswork about which issues you’re fixing in new code with the new view of fixed issues in a pull request. You can now see which issues will be resolved before the pull request is merged, reducing the chance of rework caused by missing an issue you intended to resolve. The pull request decoration in all 4 CI platforms (GitLab, GitHub, Azure DevOps, Bitbucket) and the pull request summary in SonarQube Server show the issues that will be fixed when the pull request is merged.
Screenshot: SonarQube Server pull request summary showing the accepted issues and fixed issues categories.
Screenshot: pull request decoration in a CI platform showing the fixed issues and accepted issues counts.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Branch Summary Shows Issue Count And Overall Code Shows Software Quality
The branch summary has been updated to show the Clean Code Taxonomy view, a single count of issues instead of the previous categories, bringing it in line with the pull request decoration and pull request summary. The overall code tab also changes to show software quality with a count of high, medium, and low severity issues.
Screenshot: SonarQube Server branch summary showing the new code tab with the new issues and accepted issues categories.
Screenshot: SonarQube Server branch summary showing the overall code tab with software quality categories, each with a count of high, medium, and low issues, as well as the accepted issues category.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Dismiss Issues Marked as “Accepted” And Keep Track Of How Many
Developers can now mark an issue as “accepted” instead of “won’t fix”, with clear messaging explaining how accepting the issue contributes to technical debt. SonarQube Server keeps track of the issues marked as accepted and shows the number of accepted issues in the branch summary and pull request decoration. The branch summary shows the number of accepted issues in both new code and overall code, and the pull request decoration in the DevOps CI platform of your choice displays the same count. Clicking on the accepted issue count in any of these locations takes you to the list of accepted issues, with details on why each is an issue. Altogether, these views help development teams understand how accepting issues accumulates technical debt and runs counter to Clean as You Code.
(see the screen captures above with the accepted issues category)
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
Faster Scan Times
Scan times and bandwidth are significantly reduced because the scanner now only downloads the analyzers required for the project being analyzed based on the files and languages in the project. Previously, the scanner downloaded all the analyzers regardless of the project details.
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
Provision And Sync Users And Groups From GitLab
In this release, we take the first steps toward supporting the autoconfiguration of GitLab in SonarQube Server, similar to the autoconfiguration we completed for GitHub in previous releases. In 10.4, you can provision and sync users and groups from GitLab into SonarQube Server, significantly reducing the time needed to set up and manage authentication with GitLab.
Available in Developer Edition | Enterprise Edition | Data Center Edition
Benefits Of Linking SonarQube Server And SonarQube for IDE
From an issue in SonarQube Server, you can jump directly to the code in your IDE to view and fix the issue, saving you the time spent finding the issue in your code. However, if you haven’t linked SonarQube Server with SonarQube for IDE, the button that takes you to your IDE will not work. Now, when you click the button in SonarQube Server without having linked SonarQube for IDE, SonarQube Server walks you through connecting to SonarQube for IDE so that you can get started fixing code. Also new in the 10.4 release, SonarQube Server Enterprise Edition downloads your custom secrets rules to SonarQube for IDE, which highlights those secrets as you code, preventing them from being inadvertently pushed to your repository.
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
Introducing Support For Scanning Helm Charts
SonarQube Server now supports scanning Helm Charts for Helm-based Kubernetes deployments using the same Kubernetes rules that are applied to other YAML files.
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
New Log File Shows Deprecated APIs And API Parameters
To make upgrading smoother, we added a log file that records details whenever a deprecated web API or deprecated web API parameter is called, giving you quick feedback on deprecated usage. The new log file can be downloaded from the administration section of SonarQube Server or accessed directly in the file system.
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
New Rule Attributes Adopt The Clean Code Taxonomy
Attributes of new rules you create from a template have been transitioned to the new Clean Code Taxonomy. Previously, both the Clean Code Taxonomy and legacy attributes were displayed when creating rules. Now, only the Clean Code Taxonomy value is displayed when creating a rule. The templates for creating new rules contain the default mapping from the legacy attribute to the Clean Code Taxonomy value, showing the value Sonar advises. However, you’re not required to use the default. You can set the rule to any Clean Code Taxonomy attribute you choose.
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
Improvements to Learn as You Code
1,700 rules have been updated with improvements and additions to the “How can I fix it?” and “More info” sections. Important and helpful information explaining the links between code smells and more severe issues is also included.
Available in Community Build | Developer Edition | Enterprise Edition | Data Center Edition
Language Updates
JavaScript/TypeScript:
- 18 Accessibility rules for React.js
- The JavaScript/TypeScript/CSS analyzer now comes bundled with the correct Node.js version, removing the need to install and update Node.js in your scanning environment.
- End of support for Node.js v14
Java/Kotlin:
- 10 new rules for Spring Boot, bringing the total up to 40
- Replicated the 30+ rules from Javax to Jakarta so that both packages now have the same coverage
C/C++:
- 12 new MISRA C++ 2023 rules
- Detect issues in C++ macros
- Added support for Wind River’s ccarm compiler
.NET:
- 5 new Blazor rules
- 30 .NET rule updates, including false positives, false negatives, and performance improvements
Python:
- Reached 90% True Positive Rate (TPR) on top 3 Python SAST Benchmarks: DVGA, DSVW, and skf-labs-python
- Added support for Graphene (GraphQL for Python)
- Added support for the FastAPI framework, rounding out our support of the top 3 API frameworks for Python alongside Flask and Django