Sonar is excited to announce SonarQube Server 2025 Release 3.
Key Capabilities of Release 3
- Security advancements: GA of Advanced Security (SCA & advanced SAST), SAST for Kotlin, expanded secrets detection
- AI progress: End of Early Access for AI CodeFix including AI fix suggestions directly within the IDE
- Expanded compliance: MISRA C++:2023, CWE Top 25 2024, OWASP Mobile Top 10
- Enhanced language coverage: new Rust, PySpark and more Java protection
SonarQube Server 2025 Release 3 introduces significant updates focused on bringing code quality and code security together into a single surface area. This release helps you unify your tooling to achieve secure, well maintained first-party and third-party code with the General Availability (GA) of Advanced Security featuring Software Composition Analysis (SCA) and advanced Static Application Security Testing (SAST), the addition of SAST for Kotlin, and even more secrets detection. Fix issues with a single click as early as in the IDE now that AI CodeFix has ended Early Access, is now available only in Enterprise Edition and Data Center Edition, and includes automated remediation suggestions within the IDE. Ensure your code meets strict compliance standards with expanded MISRA C++:2023 rules, and new reports for CWE Top 25 2024 and OWASP Mobile Top 10. Plus we’ve enhanced our language coverage including newly added Rust and PySpark support, and more native protection for Java 22 and Java 23.
The 2025 Release 3 announcement and our SonarQube Server release notes provide more details about the release.
Are you still using an older version of SonarQube Server?
If you’re on a version older than the 2025 Release 1 LTA, upgrade to the SonarQube Server LTA before upgrading to the latest version. Check out this helpful checklist for a smoother upgrade. Watch the on-demand LTA upgrade webinar, which explains a step-by-step approach and highlights common pitfalls encountered during the upgrade.