How frequently does SonarQube change their ruleset, whether for code quality scanning or security scanning?
Welcome
As it’s not possible anymore to update the language plugins (i.e. Sonar Java plugin …) independently,
you can almost be sure that every SonarQube version brings some changes related to rules and quality profiles through new versions of language plugins (new deprecated rules … etc.).
Gilbert
Hi Gilbert,
Thanks for the quick reply.
I wanted to know if I can see the ruleset updates per minor version from 8.9.4 to 9.9.
Is there some place I can find this information?
Regards,
Shruthi Subramanya
You may use SonarQube Jira and search for relevant issues: SonarQube - Issues - Jira
i.e. SonarQube - Issues - Jira
Otherwise, after the update you’ll find deprecated rules listed here: https://yoursonarhost/profiles
and as admin you’ll get an email with subject “Built-in quality profiles have been updated”
This mail contains links like that, i.e.
“Sonar way” - C++: https://yoursonarhost/profiles/changelog?language=cpp&name=Sonar+way&since=2022-12-21&to=2022-12-21
6 new rules
[…]
You can also use the SonarQube web API to show the changelog details,
api/qualityprofiles/changelog
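
An added example, not part of any post in this thread: one way to turn the `api/qualityprofiles/changelog` output into a per-upgrade summary, so that rules dropped from a profile are reviewed rather than lost silently. The `qualityProfile` query parameter and the `events` / `action` / `ruleKey` response fields are assumptions based on the SonarQube Web API documentation; the sample response and its rule keys are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlencode


def changelog_url(base, language, profile, since, to):
    """Build the changelog request URL for one built-in profile and date range."""
    query = urlencode({"language": language, "qualityProfile": profile,
                       "since": since, "to": to})
    return f"{base.rstrip('/')}/api/qualityprofiles/changelog?{query}"


# Constructed sample of a changelog response (field names are an assumption).
SAMPLE_RESPONSE = json.loads("""
{"events": [
  {"date": "2022-12-21T10:00:00+0000", "action": "ACTIVATED",
   "ruleKey": "cpp:SAMPLE-1", "ruleName": "Constructed rule one"},
  {"date": "2022-12-21T10:00:00+0000", "action": "ACTIVATED",
   "ruleKey": "cpp:SAMPLE-2", "ruleName": "Constructed rule two"},
  {"date": "2022-12-21T10:00:00+0000", "action": "DEACTIVATED",
   "ruleKey": "cpp:SAMPLE-3", "ruleName": "Constructed rule three"}
]}
""")


def summarize(response):
    """Group rule keys by changelog action (ACTIVATED, DEACTIVATED, UPDATED)."""
    by_action = defaultdict(list)
    for event in response.get("events", []):
        by_action[event["action"]].append(event["ruleKey"])
    return {action: sorted(keys) for action, keys in by_action.items()}


def removed_checks(response):
    """Rules no longer enforced after the upgrade: the ones worth a manual review."""
    return [(e["ruleKey"], e.get("ruleName", ""))
            for e in response.get("events", [])
            if e["action"] == "DEACTIVATED"]


if __name__ == "__main__":
    print(changelog_url("https://yoursonarhost", "cpp", "Sonar way",
                        "2022-12-21", "2022-12-21"))
    print(summarize(SAMPLE_RESPONSE))
    for key, name in removed_checks(SAMPLE_RESPONSE):
        print(f"review: {key} ({name}) was deactivated")
```
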