Home

SonarQube Server 2025.1 LTA

LTA release announcement

What have we been doing since the last SonarQube Server 9.9 LTA? Well, quite frankly, a ton! We even changed the versioning scheme to reinforce the huge breakthroughs we've made. The current SonarQube Server 2025.1 LTA contains transformative advancements and widespread improvements, making it the most feature-packed LTA in SonarQube Server's history. Whether you’re a developer, engineering lead, DevOps engineer, security and compliance engineer, or in platform engineering, the new LTA has something to propel your SDLC to new heights.

What's inside the new 2025.1 LTA

High-Impact AI Enhancements

Quality & security assured AI-generated code

AI coding assistants help developers build faster, but can introduce unwanted quality and security issues into your code. AI Code Assurance helps developers verify the AI-generated code in their projects, including the ability to autodetect when GitHub Copilot is used to generate code. SonarQube Server performs automated code reviews and displays a real-time AI Code Assurance quality status for projects containing AI-generated code, ensuring only the highest-quality AI code makes it to production. Use the included Sonar recommended AI Code Assurance quality gate or build your own custom AI Code Assurance quality gate to ensure all AI code meets your discerning standard.

Accelerate issue resolution with AI CodeFix

With a single click, AI CodeFix suggests code fixes for issues discovered by SonarQube Server, boosting developer productivity by automating common resolutions. Quickly open AI CodeFix suggestions in the IDE and apply them directly in IntelliJ, VS Code, Visual Studio, and Eclipse.

Build secure high-quality AI into your apps

Data scientists and ML practitioners, rejoice! SonarQube Server provides unique rules to detect issues in the top Python libraries: PyTorch, TensorFlow, Scikit-learn, NumPy, Pandas, and even covers code embedded in Jupyter Notebooks. Protect your AI/ML apps from common coding pitfalls and ensure they’re production-ready at every stage of development.

Cutting-Edge Security Innovations

Advanced secrets detection

Sonar's advanced secrets detection engine protects your code with 120+ rules covering 160+ secrets patterns and 110+ cloud services covering public and private services. Detect secrets in your IDE and prevent them from ever reaching your repository. Parallel processing ensures zero impact on overall analysis performance. Enterprise and Data Center Editions allow you to configure custom rules to protect your company-specific secrets.

New security reports

New reports reduce risk based on security standards CWE Top 25 2022 and 2023, STIG and CASA, helping you assess your codebase against common vulnerabilities. With the addition of the latest security reports, SonarQube Server helps you demonstrate compliance with these popular standards.

Improved SAST for Java, Spring, Dockerfiles, and now Helm

With new updates to our Java security analysis engine, it now boasts a ~90% True Positive Rate on major benchmarks. The addition of over 200 security rules for the popular Spring Framework moves it to the complete coverage category. Lastly, we’ve added over forty best practice rules to weed out any security misconfigurations in your Dockerfiles and Helm charts for secure Docker deployments.

Sync security issues with your IDE and GitLab

SonarQube for IDE (VSCode and IntelliJ) now syncs security hotspot status with SonarQube Server in real-time, allowing you to focus on issues that need attention while you code. Issue status changes made in the IDE are instantly reflected in SonarQube Server. SonarQube Server integrates with GitLab, providing two-way synchronization of vulnerability issues with the GitLab Vulnerability Report.

Supercharge Developer Productivity

Faster first analysis and overall scan times

Based on benchmark testing, projects that previously took hours to perform the first analysis now take only five minutes or less, including the first scan after updating SonarQube Server. Scan times and bandwidth are significantly reduced because the scanner now only downloads the specific analyzers required for the project based on the files and language of the project.

Dual operating modes

You can operate SonarQube Server in one of two operating modes. Standard Experience preserves familiar rule and issue qualities and severities for users of 9.9 LTA and earlier. Multi Quality Rule (MQR) Mode has multiple qualities per issue and rule. MQR Mode introduces a new taxonomy focused on writing better code by preventing the outcomes of poorly written software including new software qualities, refined severity levels, and independent severities per quality. You can also prioritize rules to enforce company code standards and prevent releases that don’t meet your standards.

Better user experience for developers

We designed our new sleek UI to improve developer productivity and ease developer fatigue with a better user experience. You can open issues directly in your IDE with one click, eliminating the time it takes to find the issue in your code. We've also improved resolution guidance and enhanced the quality gate experience, for example, by focusing developer's attention on the number of found issues and accepted issues in new code. You can now see exactly which issues are fixed in a pull request before merging! No more guesswork or accidental rework. Additionally, the number of accepted and fixed issues is displayed in the pull request comments in your DevOps platform for a seamless developer experience. Level up your coding skills and sharpen your mastery with Sonar's expanded Learn as You Code (LaYC) educational content!

Enterprise and Operational Excellence

Elevate your server security posture

SonarQube Server streamlines user and group management with SCIM support for SAML/Azure AD and SAML/Okta in Enterprise and Data Center Editions. Automatic provisioning and synchronization with GitHub and GitLab eliminates manual user/group management and ensures consistent permissions across environments. Create custom roles and permission mapping overriding defaults to adapt to your company needs. This enhances security, reduces admin overhead, and simplifies project permission management. SonarQube Server now supports running in FIPS-enforced environments, modern authentication with Microsoft SMTP Server, and it enforces stricter password policies for local accounts, boosting overall security and compliance.

Easier predictable updates

Updating SonarQube Server is now faster and more predictable, with minimal downtime and disruption to your workflow. We've optimized the reindexing process, added update time estimations, and provided detailed activity logs to track changes. Plus, a new log file helps you identify deprecated web APIs and parameters for smoother updates. Be sure to update to the latest 9.9.8 LTA before updating to the 2025.1 LTA to take advantage of our optimized db update process and reduce update time by an order of magnitude.

Simplified project onboarding

Setting up projects just got easier with SonarQube Server! AutoConfig for C and C++ eliminates the need for Build Wrapper and Compilation Database, supporting most compilers out-of-the-box. Analyze multiple C/C++ code variants within the same project. Effortlessly configure projects in monorepos with a guided walkthrough to configure all the projects in a single sweep.

Powering Kubernetes deployments

Deploy SonarQube Server on Kubernetes with confidence! Enjoy horizontal autoscaling of app pods for faster analysis and optimized resource usage. Plus, we officially support Red Hat OpenShift deployments. Now, you can safely orchestrate all your applications and services together in your Kubernetes deployment of choice.

Extensive Language Support

Since the last SonarQube Server 9.9 LTA, we've added hundreds of new rules and improved even more, delivering best-in-class code quality and security capability to keep your code free of issues. We've added support for the latest versions of languages and added many new frameworks so you can be sure you're using their constructs in the right way. Here's what you'll get in the latest 2025.1 LTA.

Python

Python 3.13
Django Web Framework
FastAPI Web Framework
Graphene-Python Library

Java/Maven

Java 22
Maven 4.0
New architecture rules to reduce circular dependencies
New sustainability rules to reduce power and battery consumption
Automatically scans all files from the root of a Maven project

JavaScript/TypeScript

TypeScript 5.6
ECMAScript 2022
React Library

C/C++

C++23, C23
GitHub Action for C, C++, and Objective-C
MISRA C++ 2023 Standard

C#/.NET

.NET 9
C#13
Blazor Framework
New rules specifically for ASP.NET
New rules for C# logging best practices in the .NET framework

Others

Kotlin 2.0
Kotlin multi-platform projects (KMP) for cross-platform code development
PHP 8.4
Go 1.21
Swift 5.8
Accessibility rules for HTML

New languages!

Dart 3.5 for building high quality Flutter apps
Azure Resource Manager (ARM) IaC
Ansible IaC
IBM z/OS Job Control Language (JCL)

Ready to experience the power of SonarQube Server 2025.1 LTA? Update to the latest 2025.1 LTA today and see for yourself, or check out our detailed LTA release documentation.

twitter facebook linkedin mail

The abiding value of an LTA

Last but not least, this is the new Long-Term Active version! That means support and patches for blocker bugs and vulnerabilities for at least the next 12 months - until the next LTA is released. If you're looking for the stability of a hardened, fully supported version, the LTA is what you're after.

So what are you waiting for?

Why LTA

Get started with SonarQube 2025 Release 1 LTA

Download now Start free trial