Sonar is excited to announce SonarQube Server 2025 Release 2. Inside, you’ll find that we’ve expanded AI CodeFix rule coverage, and you can now use your own LLM for AI CodeFix. We’ve added new architectural constraints for your projects and expanded architecture analysis. AI/ML developers using PySpark or developing Python code in Jupyter Notebooks within PyCharm get added support. Read on to find out more…

Expanding AI CodeFix

In an effort to open up AI CodeFix to use alternate LLMs from what Sonar provides by default, you can now use your own Azure OpenAI service for AI CodeFix. You maintain complete control over access to AI CodeFix with a secure LLM endpoint in your Azure environment for enhanced data privacy and security. Using your own Azure OpenAI service gives you better control over the performance and scalability of AI CodeFix. It ensures you remain in compliance with data privacy regulations and internal security policies. Additionally, Sonar is extending AI CodeFix to help developers quickly and efficiently remediate more of the issues raised by SonarQube. This extension increases the rule coverage by AI CodeFix across multiple programming languages, ultimately improving code quality and developer productivity with relative ease.

Available in Developer Edition | Enterprise Edition | Data Center Edition

Reduce Architecture Drift

Using a script format, developers and technical leads can define the architectural constraints of a project. When code diverges from the specified constraints, SonarQube Server will raise issues that developers must address to bring the code back in line with the defined architectural constraints. Poor architecture leads to architectural technical debt. Our introduction to architecture rules helps developers find inefficient code due to circular dependencies across classes in Java code, which has now also been expanded to detect cycles in Javascript and Typescript. For example, this happens when class A references class B, class B references class C, and class C references class A. These kinds of dependencies can be hard to find, and now SonarQube Server helps developers uncover and correct these issues in both Java and JS/TS.

Available in Developer Edition | Enterprise Edition | Data Center Edition

More Protection for AI/ML Code

Python developers building apps that leverage Apache Spark for large-scale data processing will be excited to discover that SonarQube Server now includes over ten rules to help find and fix issues when using the PySpark Python library. Are you using Jupyter Notebooks in PyCharm? In this release, SonarQube for IDE adds issue detection in PyCharm for developers who create Python code in code cells within Jupyter Notebooks. SonarQube for IDE now supports the two most popular IDEs, VS Code and PyCharm, for building Jupyter Notebooks.

Available in Developer Edition | Enterprise Edition | Data Center Edition

File-level Test Metrics for .NET

.NET developers will see test-related metrics down to the file level in their .NET projects like other languages, such as Java, already do. The SonarScaner for .NET will calculate and pass to the server the per-file metrics of your unit tests, giving .NET developers much-needed details of their unit test results right within the SonarQube UI.

Available in Developer Edition | Enterprise Edition | Data Center Edition

More Protection for Spring

We’ve added about a dozen new rules for a total of 53 rules in SonarQube to help developers avoid common pitfalls in Java code when using the Spring framework to build enterprise-ready applications.

Available in Developer Edition | Enterprise Edition | Data Center Edition

Introducing Security for Golang

We’ve extended our coverage of Go to include code security. Twenty-four new security rules have been added for our introductory SAST coverage in Go. The new rules cover security issues, including cryptographic misconfigurations and security misconfigurations such as cookies, hashing algorithms, and sending information in clear text. Now, Go developers can confidently write more secure code.

Available in Developer Edition | Enterprise Edition | Data Center Edition

Latest Dart and Kotlin Versions

We’ve updated our Dart analyzer to support Dart 3.6 and 3.7. For Kotlin developers, we rebuilt over eighty rules to support Kotlin 2.0 and the new K2 compiler. As a result, Kotlin analysis is now 50% faster than before this release. Kotlin developers can now not only use Sonar to analyze Kotlin 2.0 and newer, but it also performs better than before.

Available in Developer Edition | Enterprise Edition | Data Center Edition

Run in an IPv6-only Infrastructure

You can now operate SonarQube Server in an IPv6-only environment. This benefits companies that are operating large environments with workloads taking up a huge number of IP addresses, such as serverless and container applications.

Available in Developer Edition | Enterprise Edition | Data Center Edition

Details of SonarQube Server Release 2 are in the SonarQube Server release notes.

Ready to experience the power of SonarQube Server? Get it today and find out.