SONARQUBE 10.5
latest release announcement
In the 10.5 release of SonarQube, weโre thrilled to announce support for Java 21, C++23, and TypeScript 5.4. * Secrets detection analysis is faster and deeper SAST coverage has increased. Weโve simplified onboarding projects for monorepos in GitHub and GitLab, Maven, and GitHub Actions. We have doubled the rules for Kubernetes and Helm Charts. With the addition of the TensorFlow library, we expand our support of common libraries used by Machine Learning (ML) practitioners. Details on that and more are below.
Major Language Updates
Java 21 LTS and TypeScript 5.4 Now Supported
Sonar continues its dedication to supporting the latest advances in languages by adding support for Java 21 LTS. This includes updating existing rules to support the language changes and adding eleven new rules designed to cover new language features in Java 21. For TypeScript developers, weโve added support for the latest TypeScript version 5.4.ย
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Support For C++23
Sonar helps pave the way for C++ early adopters by adding support for C++23. The adoption of C++20 has been progressing well, and Sonar expects that trend to continue with the adoption of C++23. Now, you can code in C++23 with all the safeguards you expect from SonarQube. All existing C++ rules have been updated to take into account the changes in the new version.
Available inย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Faster Secret Detection Analysis
When running on a multicore/multi-CPU machine, the secrets detection engine now leverages parallel CPUs for secret scanning. This guarantees that secret detection analysis has zero performance impact on overall analysis performance.ย
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
More Libraries for Deeper SAST
In our continued effort to improveย deeper SAST, weโve increased our coverage of public Java libraries by an order of magnitude, so we now cover the two thousand public libraries most used by developers. The result is that Deeper SAST is even more powerful in detecting those deeply hidden vulnerabilities and will uncover more issues in your code.
Available inย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Kubernetes and Helm Charts Improvements
As Kubernetes and Helm Chart popularity grows, SonarQube is doubling our rules to sixteen security rules and sixteen maintainability best practice rules for Kubernetes and Helm Charts.
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
TensorFlow, Date, and Time Libraries in Python
We have added support for the TensorFlow library, one of the top Python libraries used for AI/ML development. This increases our support for three of the top Python libraries that Machine Learning practitioners use: TensorFlow, NumPy, and Pandas. In our effort to make continuous improvements to help Python developers, we’ve added seven new rules to avoid pitfalls when using Date & Time libraries.
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
C# in .NET Logging Best Practices and ASP.NET MVC Framework
Logging is an important part of developing robust applications and now SonarQube helps you withย good C# logging practicesย in the .NET framework. With fifteen new rules for logging, you can avoid common pitfalls and be sure to follow logging best practices. In this release, we also added nine new rules to support the ASP.net MVC framework. Combined with our support for Blazor, SonarQube now covers most web app development in .NET.
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Expansion of Accessibility to Cover HTML
To help you write accessible code for front-end applications, we have ported sixteen rules from JavaScript to HTML bringing the total number of accessibility rules between JavaScript, Typescript, and HTML to just under one hundred. This means the same accessibility coverage you have for writing JavaScript and React code now covers you when you write HTML code.
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Improved Code Efficiency in Java
To improve the sustainability of your code, weโve added eleven new rules for Java enterprise and Java Android mobile developers to improve efficiency in your code. These new rules are our first step in aiding you in reducing your applications’ power and battery consumption.
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Clean Your Entire Mainframe Ecosystem
Sonar helps clean the entire mainframe ecosystem, not just COBOL code. Now, we have rules to cover Job Control Language (JCL), a commonly used mainframe scripting language used to orchestrate the execution of COBOL programs.
Available inย Enterprise Editionย |ย Data Center Edition
Simplified Project Onboarding & Analysis Config
Guided Configuration of All Projects in a Monorepo
Monorepos are single repositories that contain multiple projects. As of this release, you will import your monorepos from GitHub or GitLab, and then SonarQube will guide you through setting up each project in the monorepo. During the guided onboarding of projects, SonarQube suggests a prefix for your project names, then you simply add a project reference and key, select your new code definition, set up the analysis, and the projects are automatically set with their pull request decoration. Itโs that easy!
Available inย Enterprise Editionย |ย Data Center Edition
Maven Scanner Scans All Files
The new SonarScanner for Maven version 3.11 now automatically scans all files from the root of a Maven project, including Dockerfiles, CI config files, src/main/resources, etc. Before this release, the Maven scanner only analyzed files of standard Java projects in src/main/java and src/test/java. You no longer need to overrideย sonar.sources
ย andย sonar.tests
ย to scan all files in the root Maven directory. This feature is disabled by default so the scanner doesnโt suddenly pick up files unintentionally. To enable this feature,ย set sonar.maven.scanAll
ย to true.
Available inย Community Editionย |ย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
New C, C++, and Objective-C GitHub Action
Sonar is excited to announce a new SonarQube GitHub Action for C, C++, and Objective-C. This milestone eliminates the manual setup of a GitHub Action to scan your C, C++, and Objective-C code. You can find the official Sonar-supplied GitHub Action in theย GitHub Action Marketplace.ย
Available inย Developer Editionย |ย Enterprise Editionย |ย Data Center Edition
Other Changes to Note
JavaScript/TypeScript:
- Ongoing precision improvements were made to reduce false positive rates.
Java/Kotlin:
- Added five new rules.
.NET:
- Promoted seven rules to the Sonar way quality profile.
Python:
- Ongoing precision improvements were made to reduce false positive rates.
Updated views with the new Clean Code Taxonomy for:
- Projects
- Applications
- Portfolios
Ending Support for Node.js V16:
- Node.js V16 end of life was on September 11th, 2023, and SonarQube is no longer supporting it as of this release. Most developers will not be impacted, but if you are not on Linux x64, Windows x64, or Apple ARM64, you must upgrade to the latest LTS of Node.js manually, or your analysis will stop working.
SmartNet Sonar
CleanCode CleanasYouCode SonarQube SonarLint SonarCloud DevOps GitHub helmcharts python java kubernetes developertools CodeQuality
—-
๐ฆ๐บ๐ฎ๐ฟ๐๐ก๐ฒ๐ – Proud to be a provider of network security services and security solutions from the world’s leading technology companies. Contact our professional team for solution consultation, quotes, and technical support:
๐ฆ๐บ๐ฎ๐ฟ๐๐ก๐ฒ๐ ๐ง๐ฒ๐ฐ๐ต๐ป๐ผ๐น๐ผ๐ด๐ ๐๐ผ๐บ๐ฝ๐ฎ๐ป๐ ๐๐ถ๐บ๐ถ๐๐ฒ๐ฑ
๐ Office 412, Dreamland Bonanza Building, 23 Duy Tan Street, My Dinh 2 Ward, Nam Tu Liem District, Hanoi, Vietnam
๐ 259 Dong Den Street, 10 Ward, Tan Binh District, HCMC
๐ 024 7774 8886
๐ https://smartnet.net.vn/