SonarQube for IDE

Home

Install for free

March 07, 2023

SonarQube for IDE: IntelliJ v8.0

This release brings Security Hotspot reporting in your IDE, plus new Quick Fixes for Java and Python.


A Security Hotspot highlights a security-sensitive piece of code requiring developer review. With this latest release, SonarQube for IDE: IntelliJ v8.0 will now alert you to any unreviewed Security Hotspot that is present in the source files you are working on. 


This means any new hotspots introduced by you will be instantly flagged, directly in your favorite IntelliJ IDE.


SonarQube for IDE then offers information about why this is an issue, helps you assess the risk, and offers guidance on how to fix it. Then, simply right-click on the Security Hotspot, and choose Review on Server, to open the Hotspot in SonarQube Server*, and set the output of the review. 


*Available for users of SonarQube Server (min version 9.7) in connected mode to SonarQube for IDE.


Plus:


Find more details in our release notes and community announcement.

February 06, 2023

SonarQube for IDE: IntelliJ v7.4

This release delivers additional improvements to our rule descriptions for injection vulnerabilities, plus new rules for C++ users.



Building upon the structured rule descriptions introduced in v7.3 that help you understand injection vulnerabilities, we have introduced two further enhancements:


  • SonarQube for IDE can now automatically select the most appropriate patch instruction based on the library or framework you are using. Available today with a selection of injection vulnerabilities, this feature will be progressively extended to more rules.
  • We've added a "More info" tab (see image below) within the rule description that delivers educational content with our "Clean Code Principles".  This is designed to help you build Clean Code using the Sonar Clean as You Code methodology.


Plus:

Find more details in our release notes and community announcement.

More Info tab within SonarLint where additional educational content around Clean Code Principles is provided.

December 23, 2022

SonarQube for IDE: IntelliJ v7.3

This release delivers additional help to assist whilst investigating injection vulnerabilities in your IDE, plus additional support for Front-end Developers!



We have introduced more structured rule descriptions to help you better understand injection vulnerabilities. Now, when investigating taint vulnerabilities detected by SonarQube Server analysis directly in your IDE, you can not only visualize the data injection flows directly in the source code but also understand the potential impact and how to fix it.


In addition, this version helps all Front-end Developers deliver Clean Code by extending support for the following front-end languages:

  • CSS analysis in all IntelliJ IDEs supported by SonarQube for IDE
  • JavaScript, TypeScript, and HTML in Rider


Plus:


Find more details in our release notes and community announcement.

November 21, 2022

SonarQube for IDE: IntelliJ v7.2

This release benefits those building .NET applications in Rider and delivers easier integration of SonarQube for IDE to the complete Sonar solution.


Introducing 50+ C# quick fixes for bugs and code smells! Activate them using your usual shortcut in Rider, and allow SonarQube for IDE to rapidly repair flagged issues as you code your .NET application. 


Plus, enjoy new features designed to facilitate your SonarQube for IDE integration to SonarQube Cloud and SonarQube Server, and access to the full Sonar Clean as You Code experience:


  • A simplified authentication to SonarQube Server, with token generation and transfer now taken care of by SonarQube for IDE, with your consent


  • Intelligent notification through SonarQube for IDE that your project is configured for analysis within SonarQube Server or SonarQube Cloud, offering a single-click project binding.


We’ve also added 4 new quick fixes for Python issues!


More details are in our release notes and community announcement.

October 05, 2022

SonarQube for IDE: IntelliJ v7.1

This packed release brings new rules for JavaScript, TypeScript & Python developers, and more!


First, for JS & TS developers, we've added 7 new rules to detect React-specific bugs and code smells

Plus: 

  • Analysis of JS code embedded inside AWS template files in YAML
  • Support for TypeScript 4.8


Then, for Python developers


  • 7 new rules dedicated to ensuring the quality of your unit test code


And to conclude, we've added support for Kotlin 1.7 and PHP 8.2!


Read more in our release notes and community announcement.

August 23, 2022

SonarQube for IDE: IntelliJ v7.0

This release brings additional productivity enhancements for teams using Connected Mode to SonarQube Server 9.6 and above.


Using Connected Mode to SonarQube Server, and delivering access to the complete Sonar solution, issue synchronization will happen automatically and in real-time, thanks to server-sent events.


Thus, when suppressing an issue in SonarQube Server, or when the branch analysis detects a new SQL injection, this will be synced to SonarQube for IDE in seconds - with no need to refresh - ensuring team alignment.


As a reminder, binding your local project to SonarQube Server using Connected Mode:

  • Keeps noise to a minimum by avoiding reporting any issues already reviewed and marked as “Won’t Fix” or “False Positive” by yourself or other contributors in SonarQube Server.


  • Will pull, and help you investigate, any taint vulnerabilities (e.g., SQL injections) detected by SonarQube Server (starting from Developer Edition) in your IntelliJ IDE.


Read more in our release notes and community announcement.

July 15, 2022

SonarQube for IDE: IntelliJ v6.8

This packed release brings support for quick fixes in Pythonnew rules for Java developers, and much more.


SonarQube for IDE in IntelliJ now offers quick fixes to effortlessly repair your Python issues, before they are committed. You can browse all Python detections providing quick fixes here. Available when using SonarQube for IDE alone, or in connected mode to SonarQube Cloud, these complement the many quick fixes already supported for selected rules in Java, Javascript, Typescript, C and C++.


Additionally, for Java developers, 7 new rules are available to help build clean cloud-native applications for AWS and avoid common pitfalls.  A description of the new rules can be found here. Plus, a further 6 rules dedicated to regular expressions, helping to reduce their complexity for better readability and maintainability. SonarQube for IDE now supports 30 rules to help write clean regex in Java.


Also included with this release:

  • New rules to help C# developers write clean Azure functions
  • Support for TypeScript 4.7
  • Support for Ruby 3.1
  • Improvements for .NET in Rider


Read more in our release notes and community announcement.

March 25, 2022

SonarQube for IDE: IntelliJ v6.6

This release enables SonarQube for IDE’s branch support within IntelliJ, and more!


Building upon its existing ability to synchronize issue suppressions (i.e issues marked as Won’t Fix or False Positives) SonarQube for IDE now enables issue synchronization to any branch (main, feature branch, dev branch …) you’re working on.


Simply bind your local project to SonarQube Server using Connected Mode so you can focus on relevant issues in your IDE. No additional configuration is required, and it's available across the full range of Sonar supported JetBrains IDEs!


In addition, we’ve added 15 additional Quick Fixes for C++ developers using CLion. You can browse all C++ rules where we provide Quick Fixes here.


Learn more in our release notes or check out this community release announcement.

  • Legal documentation
  • Trust center
  • Follow SonarSource on Twitter
  • Follow SonarSource on Linkedin

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.