
Cloud native features in SonarQube Server 9.9 LTS


Clint Cameron

Product Marketing Manager


SonarQube Server 9.9 LTS brought many new features dedicated to helping you deliver Clean Code day after day. Much of that functionality centers on cloud native technologies, including Infrastructure as Code (IaC).


This article offers an overview of these benefits along with links so you can learn more about the features that interest you.  


SonarQube Server 9.9 LTS supports the following cloud native technologies:


Many of the cloud native based rules in v9.9 are security focused in the following areas:

Feature: Detect insecure configurations in your AWS CDK code


If you are describing your AWS infrastructure with the AWS CDK for Python or JavaScript/TypeScript, SonarQube Server 9.9 LTS will detect insecure configurations in the following domains:


Python


Node.JS

  • S3 Buckets 
  • Encryption at Rest and in Transit (available since Nov 2022)
  • Permissions + Traceability (available since Nov 2022)

Feature: Detect injection vulnerabilities in your AWS Lambdas


AWS Lambdas can be the entry point of injection attacks. SonarQube Server v9.9 relies on the same Sonar Taint Analyzer engine used to find injection vulnerabilities in web applications to detect malicious input that enters through the entry points of AWS Lambdas written in Python or JS/TS. The Serverless and SAM frameworks are supported.


JavaScript (Community Announcement)

Python (Community Announcement)
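To make "entry point" concrete, here is an added example (not code from SonarSource or from the original post) of a Python Lambda handler in which a value from the `event` argument reaches a SQL query, next to a hardened version of the same handler. The handler names, the `orders` table, the in-memory `sqlite3` database standing in for a real data store, and the sample events are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (stand-in for a real store)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "keyboard"), (2, "bob", "monitor")])
    return db

DB = make_db()

# Constructed input: a value that changes the query's structure if concatenated.
CRAFTED = "x' OR '1'='1"

def make_event(customer):
    """Constructed API Gateway proxy-style event carrying one query parameter."""
    return {"queryStringParameters": {"customer": customer}}

def vulnerable_handler(event, context):
    # Source: everything under 'event' is controlled by the caller.
    customer = event["queryStringParameters"]["customer"]
    # Sink: the tainted value is concatenated into the SQL text.
    query = "SELECT item FROM orders WHERE customer = '" + customer + "'"
    rows = DB.execute(query).fetchall()
    return {"statusCode": 200, "items": [r[0] for r in rows]}

def hardened_handler(event, context):
    # API Gateway sends null when there is no query string, so default to {}.
    params = event.get("queryStringParameters") or {}
    customer = params.get("customer")
    if not isinstance(customer, str) or not customer:
        return {"statusCode": 400, "items": []}
    # Parameter binding keeps the value as data; it never becomes SQL syntax.
    rows = DB.execute("SELECT item FROM orders WHERE customer = ?",
                      (customer,)).fetchall()
    return {"statusCode": 200, "items": [r[0] for r in rows]}

if __name__ == "__main__":
    for handler in (vulnerable_handler, hardened_handler):
        print(handler.__name__, handler(make_event(CRAFTED), None))
```

The path from `event` to the concatenated query string in `vulnerable_handler` is the kind of source-to-sink flow a taint analysis traces; in `hardened_handler` the same value only ever reaches the database as a bound parameter.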

Feature: Detect Code Quality issues in all your Python and JavaScript/TypeScript code

Finding and fixing vulnerabilities to keep your users safe is super important, and so is keeping your codebase squeaky clean. SonarQube Server v9.9 includes hundreds of rules designed to find bugs and code smells in all your Python and JS/TS projects. These same rules are executed in the context of cloud native code so ALL of your source and test code is kept in a Clean Code state.


The projects making up your cloud native apps likely combine code from many popular languages used today including Java, Go and Python. In all, SonarQube Server v9.9 can detect quality and security issues in over 30 languages, frameworks and cloud technologies. With Sonar, you get a complete, reliable Clean Code solution for all the projects in your organization.

Feature: Detect secrets/tokens in major cloud providers


Lastly, SonarQube Server detects secrets and tokens accidentally left in your cloud-based code before they make it out into the wild and into malicious hands. 

Clean Code for the Win!


Join the clean code movement, be intentional with the quality of your codebase and take pride in delivering cloud native apps in a safe, sustainable way. 


Thanks for reading and happy, clean, cloud native coding!

