Hello,
With the latest release of SonarQube Server 2025.4, we have launched our next-generation taint analysis engine for JavaScript and TypeScript.
This engine is activated by default on SonarQube Cloud, but it is an opt-in feature for existing SonarQube Server customers who upgrade to 2025.4.
The new engine provides more accurate and actionable security findings for JavaScript and TypeScript, with minimal or no impact on overall scan performance. As an administrator, you can enable the new JS/TS taint analysis engine under Administration > Configuration > General Settings > SAST Engine > Use new JS/TS Taint Analysis engine.
With the upcoming release of SonarQube Server 2025.5, scheduled for the end of September 2025, the next-generation taint analysis engine for JavaScript and TypeScript will become the default for all users.
Enjoy!
Alex