Start Free
10.6 | Server installation and setup | Release notes

Release notes

On this page

This page groups the release notes for SonarQube, with a focus on new features and enhancements. Links to the full release notes for each version are available below.

To check for breaking changes before an upgrade, refer to the release upgrade notes.

SonarQube 10.6 release notes

Full release notes

Server installation and upgrade

Upgrade predictability and monitoring during the database migration

The upgrade now shows the progress of the database migration and gives an estimate of when it will complete.

Autoscaling SonarQube cluster in Kubernetes

Available in Data Center Edition

When running a cluster in Kubernetes, SonarQube will automatically scale pods in and out using Kubernetes HorizontalPodAutoscaler (HPA) depending on the load.

FIPS compliance

SonarQube server can now run in FIPS-enforced environments.

Developer workflow

Branch and pull request overview simplified

Duplication of failed quality gate conditions has been reduced. New and overall code are presented in their own tabs, improving focus on new code while practicing Clean as You Code.

Clean as You Code in-product guided tour 

The project page offers an in-product guided tour that explains the basics of Clean as You Code and the main concepts behind the methodology.

Set rule priority to uphold your coding standards

Starting in Enterprise Edition

A dev manager or anyone who determines company code standards can now configure the priority of rules in the quality profile and add a quality gate condition to the overall code so that developers can address the corresponding issues before the next release.

Connected Mode

Open issue from SonarQube in Visual Studio

In Connected Mode, you can open an issue from SonarQube in Visual Studio. The feature is now available in all IDE flavors. 

For details, see Connected mode.

Report dataflow bugs in VS Code and IntelliJ

Starting in Developer Edition

In Connected Mode, SonarLint reports in VS Code and IntelliJ the Java and Python dataflow bug detection (DBD) issues that can be detected by analyzing a single file.

Share connected mode setup with other contributors

It’s now possible to share a Connected Mode setup configuration file with your team, simplifying the setup process.

For details, see the "Sharing your setup" section on the Team features page for your IDE.

Detect your custom secret patterns in SonarLint for Visual Studio

Starting in Enterprise Edition when running in Connected mode.

In Connected Mode, SonarLint for Visual Studio can now detect your custom secret patterns before they are shared with SCM repositories. The feature is now available for all the SonarLint IDE flavors. See "Defining custom secret patterns" on the Secrets page for more details.

API & DevOps integration

One-step bulk import of GitLab repositories

It's now possible to import multiple GitLab repositories at once.

Simplified monorepo setup for Azure DevOps and Bitbucket

Starting in Enterprise Edition

An in-product walkthrough for setting up monorepo projects is now available for AzureDevOps and Bitbucket, as well as for all DevOps platforms.

Languages and rules

Additional support for C++23

Rules for C++23 have been updated, adding the support for the “deducing this” capability.

Security rules for Spring

There are now 6 new rules to detect security issues in Spring configuration files. 

Accessibility rules in HTML and React/JSX

10 new accessibility rules are now available for HTML and for React/JSX in JavaScript/TypeScript.

Python

  • Support for machine learning has been increased with support for the Scikit-Learn library.
  • New rules for date and time libraries have been added.

New rules for Azure Resource Manager

11 new rules covering Azure Resource Manager templates are now available.

Support for WebAPI and MVC for ASP.NET Core

9 new ASP.NET rules are now available, adding support for WebAPI endpoints and MVC controllers. 

.NET cryptography rules updated

The .NET cryptography rules are now up to date with the 2024 state of the art. 

Improvements to MISRA C++2023 rules

The MISRA C++2023 rules have been reviewed, and relevant ideas have been used to improve or add rules for C++ in Sonar way.

Analysis setup and configuration

Specific JRE version no longer needed for CLI and NPM scanners 

The CLI and NPM scanners no longer require a specific version of the Java Runtime Environment to run. This removes the need to update the JRE version used in the pipelines.

C and C++ analysis can run on Linux ARM64

C and C++ analysis is now supported for Linux ARM64.

Improved experience for C and C++ analysis

To improve the experience of setting up C and C++ project analysis: 

  •  Sonar’s Build Wrapper now generates a compilation database.
  • An automatic configuration mode is now available. Using Build Wrapper is no longer a requirement for scanning most C and C++ projects.

For details, see Analysis modes.



Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License