
SonarQube Server 2025 Release 1 LTA

Latest LTA release announcement

Find out what’s new in the latest SonarQube LTA. Look forward to high-impact AI capabilities, more secure code at every angle, supercharged developer productivity, and even better enterprise and operational capabilities. As always, there's something for everyone with the LTA!

The latest SonarQube Server 2025 Release 1 LTA (abbreviated to 2025.1) contains transformative advancements and widespread improvements, making it the most feature-packed LTA in SonarQube Server's history. Whether you’re a developer, engineering lead, DevOps engineer, or security and compliance engineer, the new LTA has something to propel your SDLC.


Inside the new 2025.1 LTA, you’ll find:

  • High-impact AI enhancements
  • Cutting-edge security innovations
  • Features to supercharge developer productivity
  • Enterprise and operational excellence capabilities
  • New extensive language support


What’s new in the 2025.1 LTA?

We've added a few new powerful AI capabilities to the 2025.1 LTA since the SonarQube Server 10.8 release.

  • Automatically detect the presence of AI-generated code from GitHub Copilot
  • Easily see which projects have AI code and which ones are protected by AI Code Assurance
  • View a real-time AI Code Assurance quality status for projects that contain AI-generated code
  • See how your AI Code Assurance protected projects compare to other projects in a portfolio
  • Set up AI Code Assurance more easily than ever with bulk configuration across multiple projects via API



High-Impact AI Enhancements

Quality & security assured AI-generated code

Sonar AI Code Assurance helps developers identify and validate AI-generated code in their projects. New in the 2025.1 LTA, SonarQube Server can autodetect code created by GitHub Copilot within GitHub projects. SonarQube Server provides real-time quality assessments and pass/fail badging for projects with AI-generated code, ensuring only the highest-quality AI-generated code makes it to production. Use the Sonar recommended AI Code Assurance quality gate or leverage your own to ensure all AI code meets your discerning standard.


Accelerate issue resolution with AI CodeFix 

Get early access to Sonar AI CodeFix! With a single click, this new feature suggests code fixes for issues discovered by SonarQube Server, boosting developer productivity by automating common resolutions. Quickly open AI CodeFix suggestions and apply them directly in IntelliJ, VS Code, Visual Studio, and Eclipse.


Build secure high-quality AI into your apps

Data scientists and ML practitioners, rejoice! SonarQube Server provides unique rules to detect issues in the top Python libraries: PyTorch, TensorFlow, Scikit-learn, NumPy, Pandas, and even in code embedded in Jupyter Notebooks. Protect your AI/ML apps from common coding pitfalls and ensure they’re production-ready.


Cutting-Edge Security Innovations

Advanced secrets detection

Sonar's advanced secrets detection engine protects your code with 120+ rules covering 160+ secrets patterns and 110+ cloud services, both public and private. Detect secrets in your IDE and prevent them from ever reaching your repository. Parallel processing ensures zero impact on overall analysis performance. Enterprise and Data Center Editions allow you to configure custom rules to protect your company-specific secrets.


New security reports

New security risk reports for the CWE Top 25 2022 and 2023, STIG, and CASA standards help you assess your codebase against common vulnerabilities. With the addition of the latest reports, SonarQube Server helps you demonstrate compliance with these popular standards.


Deeper SAST and improved security for Java, Spring, and Dockerfiles

Sonar's deeper SAST now covers over 2,000 public Java libraries, significantly boosting its ability to find hidden vulnerabilities. With new updates, our Java security analysis engine boasts a ~90% True Positive Rate on major benchmarks. The addition of over 200 security rules for the popular Spring Framework moves it to the complete coverage category. Lastly, we’ve added support for over forty best practice rules to weed out any security misconfigurations in your Dockerfiles for secure Docker deployments.


Sync security issues with your IDE and GitLab

SonarQube for IDE (VS Code and IntelliJ) now syncs security hotspot status with SonarQube Server in real time, allowing you to focus on issues that need attention while you code. Issue status changes made in the IDE are instantly reflected in SonarQube Server. SonarQube Server integrates with GitLab, providing two-way synchronization of vulnerability issues with the GitLab Vulnerability Report.


Supercharge Developer Productivity

Faster first analysis and overall scan times

Based on benchmark testing, projects that previously took hours to perform the first analysis now take only five minutes or less. Scan times and bandwidth are significantly reduced because the scanner now only downloads the specific analyzers required for the project based on the files and languages in the project. 


Dual operating modes

You can operate SonarQube Server in one of two operating modes. Standard Experience preserves familiar rule and issue qualities and severities for users of 9.9 LTA and earlier. Multi Quality Rule (MQR) Mode has multiple qualities per issue and rule. MQR Mode introduces a new taxonomy focused on writing better code by preventing the outcomes of poorly written software, including new software qualities, refined severity levels, and independent severities per quality. You can also prioritize rules to enforce company code standards and prevent releases that don’t meet your standards.


Better user experience for developers

We designed our new sleek UI to improve developer productivity and ease developer fatigue with a better user experience. You can open issues directly in your IDE with one click, eliminating the time it takes to find the issue in your code. We've also improved Clean as You Code (CaYC) guidance and enhanced the quality gate experience, for example, by showing the number of found issues and accepted issues in new code. See exactly which issues are fixed in a pull request before merging! No more guesswork or accidental rework. Additionally, the number of accepted and fixed issues is displayed in the pull request comments in your DevOps platform for a seamless experience. Level up your coding skills and sharpen your mastery with Sonar's expanded Learn as You Code (LaYC) content!


Enterprise and Operational Excellence

Elevate your server security posture

SonarQube Server streamlines user and group management with SCIM support for SAML/Azure AD and SAML/Okta in Enterprise and Data Center Editions. Automatic provisioning and synchronization with GitHub and GitLab eliminate manual user/group management and ensure consistent permissions across environments. Create custom roles and permission mappings that override the defaults to fit your company's needs. This enhances security, reduces admin overhead, and simplifies project permission management.

SonarQube Server now supports running in FIPS-enforced environments, modern authentication with Microsoft SMTP Server, and it enforces stricter password policies for local accounts, boosting overall security and compliance.


Easier predictable upgrades

SonarQube Server upgrades are now faster and more predictable, with minimal downtime and disruption to your workflow. We've optimized the reindexing process, added upgrade time estimations, and provided detailed activity logs to track changes. Plus, a new log file helps you identify deprecated web APIs and parameters for smoother upgrades. Be sure to upgrade to the latest 9.9.8 LTA before upgrading to 2025.1 to take advantage of our optimized database upgrade process and reduce upgrade time by an order of magnitude.


Simplified project onboarding

Setting up projects just got easier with SonarQube Server! AutoConfig for C and C++ eliminates the need for Build Wrapper and Compilation Database, supporting most compilers out-of-the-box. Analyze multiple C/C++ code variants within the same project. Effortlessly configure projects in monorepos with a guided walkthrough to configure all the projects in a single sweep.


Powering Kubernetes deployments

Deploy SonarQube Server on Kubernetes with confidence! Enjoy horizontal autoscaling of app pods for faster analysis and optimized resource usage. Plus, we officially support Red Hat OpenShift deployments. Now, you can safely orchestrate all your applications and services together in your Kubernetes deployment of choice.


Extensive Language Support


Python

  • Python 3.13
  • Django Web Framework
  • FastAPI Web Framework
  • Graphene-Python Library


Java/Maven

  • Java 22
  • Maven 4.0
  • New architecture rules to reduce circular dependencies
  • New sustainability rules to reduce power and battery consumption
  • Automatically scans all files from the root of a Maven project


JavaScript/TypeScript

  • TypeScript 5.6
  • ECMAScript 2022
  • React Library


C/C++

  • C++23, C23
  • GitHub Action for C, C++, and Objective-C
  • MISRA C++ 2023 Standard


C#/.NET

  • .NET 9
  • C# 13
  • Blazor Framework
  • New rules specifically for ASP.NET
  • New rules for C# logging best practices in the .NET framework


Others

  • Kotlin 2.0
  • Kotlin multi-platform projects (KMP) for cross-platform code development
  • PHP 8.4
  • Go 1.23
  • Swift 5.8
  • Accessibility rules for HTML


New languages!

  • Dart 3.5 / Flutter
  • Helm Charts
  • Azure Resource Manager (ARM) IaC
  • Ansible IaC
  • IBM z/OS Job Control Language (JCL)


Ready to experience the power of SonarQube Server? Upgrade to the latest LTA version today and see for yourself, or check out more details on the LTA What’s New page and our detailed LTA release documentation.

The abiding value of an LTA

Last but not least, this is the new Long-Term Active version! That means support and patches for blocker bugs and vulnerabilities for at least the next 12 months - until the next LTA is released. If you're looking for the stability of a hardened, fully supported version, the LTA is what you're after.


So what are you waiting for?


© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.