Since the last SonarQube Server 9.9 LTA, we’ve been busy here at Sonar, packing a lot into our recent releases. The new SonarQube Server 2025 Release 1 LTA wraps all those changes into a long-term active version with more value than ever and increased stability for the long haul. Whether you’re a developer, engineering lead, DevOps engineer, or security and compliance engineer, the new LTA has something to accelerate your SDLC.
Inside the new SonarQube Server LTA, you’ll find:
- High-impact AI enhancements
- Cutting-edge security innovations
- Features to supercharge developer productivity
- Enterprise and operational excellence capabilities
- New extensive language support
Read on to find out more…
Surprise! We snuck in something new...
Our primary focus of the LTA is to harden it so it will continue to be stable until the next LTA when most people upgrade. However, since the SonarQube Server 10.8 release, we've added a few new powerful AI capabilities to the LTA version. With this release, you can:
- Automatically detect the presence of AI-generated code from GitHub Copilot
- Easily see which projects have AI-written code and which ones are protected by AI Code Assurance
- Display real-time AI Code Assurance quality status of your projects that contain AI-generated code
- See how your AI Code Assurance protected projects compare to other projects in a portfolio
- Setup of AI Code Assurance is easier than ever with bulk configuration across multiple projects via API
High-Impact AI Enhancements
With its latest enhancements, Sonar empowers developers to confidently embrace AI-assisted coding in the SDLC. Sonar AI Code Assurance streamlines the identification and validation of AI-generated code in your codebase, ensuring it meets the highest quality and security standards before reaching production. With AI CodeFix, developers can receive one-click suggestions to resolve issues instantly, boosting productivity and code quality. Additionally, SonarQube now supports popular Python libraries like PyTorch, TensorFlow, Scikit-learn, NumPy, and Pandas, providing AI/ML developers with the tools to write secure and reliable code, even within Jupyter Notebooks.
Cutting-Edge Security Innovations
SonarQube Server elevates your code security with hundreds of new security rules and an advanced secrets detection engine that identifies and prevents leaks of 160+ secret patterns across 110+ cloud services, fortifying your codebase against security threats. This secrets detection engine operates in parallel with your code analysis, ensuring zero impact on analysis performance. Additionally, Sonar provides comprehensive security reports, including CWE Top 25 2022 and 2023, STIG, and CASA, to help you assess and comply with industry standards. Deeper SAST now covers over 2,000 public Java libraries, significantly improving the detection of hidden vulnerabilities when using external libraries. Java security analysis boasts a 90% True Positive Rate on leading benchmarks, while Spring Framework security analysis delivers complete coverage with over 200 rules. Moreover, Sonar extends security to Dockerfiles, synchronizes security hotspots with your IDE, and offers two-way synchronization with the GitLab Vulnerability Report for streamlined vulnerability management.
Supercharge Developer Productivity
SonarQube Server now delivers a significant boost to developer productivity with faster first analysis times (under 5 minutes!) and optimized scan times through on-demand analyzer downloads. Choose between two operating modes, the Standard Experience or the Multi Quality Rule (MQR) Mode with its innovative software quality taxonomy and customizable severity levels. Seamlessly integrate with your IDE to open and address issues directly within your workflow when in connected mode with SonarQube for IDE. Gain insights into resolved and accepted issues in pull requests before merging, benefit from a modernized UI, and leverage Clean as You Code guidance for a smoother, more efficient coding experience.
Enterprise and Operational Excellence
SonarQube Server streamlines enterprise-level administration and enhances operational efficiency with features like SCIM integration for automated user and group management, along with auto-provisioning and synchronization with GitHub and GitLab. This eliminates manual tasks ensuring secure and consistent access control across platforms. Project setup is a breeze with Autoconfig for C/C++ and guided setup of monorepos, removing the need for complex setup procedures. SonarQube Server now offers faster, easier, and more predictable upgrades with minimal disruption and downtime. Kubernetes users will appreciate autoscaling for optimized resource utilization, while OpenShift is now officially supported. Finally, SonarQube Server installations are more secure with support for running in a FIPS-enforced environment, modern authentication with Microsoft SMTP Server, and enforcement of strict password policies.
Extensive Language Support
Stay ahead with significant updates across multiple languages and frameworks, including Java, TypeScript, .NET, C++, and Python, as well as the new languages Dart/Flutter, Helm, Azure Resource Manager IaC, Ansible IaC, and JCL.
...and the list goes on!
Ready to experience the power of SonarQube Server? Upgrade to the latest LTA version today and see for yourself, or check out more details on the What’s New in the LTA page and our detailed LTA release documentation.
Are you still using an older version of SonarQube Server?
If you’re on 9.9 or older, make sure to upgrade to the latest 9.9.8 LTA before upgrading to the new 2025.1 LTA. We've added significant upgrade performance benefits that will reduce the time to upgrade to the latest LTA. Check out this helpful checklist for a smoother upgrade. Watch the on-demand LTA upgrade webinar, which explains a step-by-step approach and highlights common pitfalls encountered during the upgrade.
Join our live webinar on Feb. 12 at 10:00 AM CST where we will walk you through the new 2025.1 LTA release.