If you don’t follow our blog, you might not be aware that we’ve had a big week this week. Sure, we added support for Java 25 on SonarQube Cloud (self-hosted coming soon). But that’s small potatoes compared to this week’s other announcements: a native MCP Server in SonarQube Cloud 
and a partnership with Wiz for unified security visibility with a “code-to-cloud feedback loop.”
But of course, none of this is possible without the solid foundation of our core analysis, which depends on your adoption, usage and not least on your feedback. So now, like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback to drive continuous improvement in our products.
SonarQube Cloud
- New project creation via Jenkins CI using a personal access token was failing with a 404 error, as @ColinMorris83 let us know; a fix was pushed the same day and confirmed working.
SonarQube Server / Community Build
-
The Swift analyzer fails on ARM64 Linux runners with “cannot execute binary file” in SonarQube Server 2026.1, as @Eman_Harri reported; we’ll not only fix it going forward, but we’re pleased to share that we’ll also backport linux-arm64 support to 2026.1. It should be available in the coming weeks.
-
@Hefaistos68 pointed out that the Azure DevOps integration generates malformed URLs when project names contain spaces or hyphens, causing repeated connection failures and warning spam in SonarQube Server 2026.1; we’re on it.
-
During a 2025.5-to-2026.1 upgrade on Windows with MSSQL, @MrSco ran into an “integrated authentication” error because the upgrade path links to 2025.5 database docs, which reference the wrong MSSQL JDBC auth driver version; @MrSco tracked down the fix (
mssql-jdbc_auth-12.10.2.x64.dllfrom the 2026.1 docs), and we’ll fix the documentation link.
SonarQube for IDE
- @cdwko let us know that Sonar rules no longer appear in Visual Studio’s “Suppress or Configure Issues” menu, requiring extra steps to suppress warnings inline; a prototype fix has been built and a ticket is open to track its release.
Rules & Languages
-
Coverage from Jest shards isn’t merged correctly when multiple lcov files are provided, as @abuono_pictet flagged, leading to inaccurate coverage numbers; a fix shipped in SonarJS 12.1 and should be deployed within the next couple of days.
-
@RJM had previously flagged a false positive for
csharpsquid:S1144on private methods inside C# 14 extension blocks in Visual Studio, and we shipped a fix. @MLefebvre_progi pointed out that it needed fixing for IntelliJ IDEs too. We’re on it.
-
The safe images list for
docker:S6471isn’t honored when the configured entry has no tag but theFROMstatement uses a tagged version of the same image, @marcin.bebas let us know; a ticket has been raised to fix the rule. -
@1337_Nerd was on fire this week.
-
First they reported a false positive for
rpg:S1902when using a global data structure element in alike()parameter definition inside a subprocedure, which is flagged as referencing a global variable even though no value is being read; we’re on it. -
Next they let us know that,
rpg:S1633fires incorrectly onin *dtaara, flagging it as undefined despite data areas being declared by definition when that keyword is used; we’re on it. -
Then it was that
rpg:S2793incorrectly fires on data structures declared with theLIKERECkeyword; IBM documentation confirms thatLIKEREC, likeLIKEDS, implicitly qualifies a data structure, and a fix is in the works. -
And finally, fixed-format comments placed before the
**freedefinition in RPG code prevent the file from being recognized as fully free format, causing a cascade of incorrect warnings across the entire file; a fix is coming in the next release and will be backported.
Thanks a bunch @1337_Nerd!
-
And thanks again to everyone mentioned here - and to anyone we may have missed - for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann