SonarQube 7.8 released

Hi all,

SonarSource is proud to announce the release of SonarQube 7.8, which includes greatly enhanced security capabilities and a far better security review experience. More details in the official announcement.

Before you upgrade, there are a number of things you should be aware of. They’re detailed in the upgrade notes, but we list some of the most significant here:

  • Support has been added in SonarQube and the scanners for Java 11 and for Java 12 in SonarJava. The SonarQube / scanner support means you may need to upgrade your scanners.
  • Notifications have been reworked. You’ll see less spam (one email per event instead of one per issue!) and better performance.
  • We’ve made a start on strict MISRA support. If you’re on Developer Edition or above, you’ll find 32 rules from MISRA C++ 2008 available, with more to come!
  • The recalculation of Portfolios (Enterprise Edition and above) can now be held for scheduled times, rather than run immediately, potentially improving overall responsiveness.
  • This is the last version that will support MySQL. Now’s the time to start investigating the free database migrator tool we’ve crafted if you haven’t already.
  • Using sonar.branch now fails analysis. See the upgrade notes for migration.
  • If you’re running on Linux, you may need to upgrade the numbers of open files and processes your SonarQube instance can have because we’ve started enforcing Elasticsearch’s bootstrap checks.
  • We’ve dropped web services that were deprecated in 5.x versions. If you’re still using them, it’s finally time to migrate.

Again, you’ll find more details in the upgrade notes and full details in the release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at sonarqube.org.

:sunglasses:
Ann & Chris

6 Likes

Hi

I upgraded from 7.7 Community Edition to 7.8 Community Edition. The ‘Security Reports’ option is no longer available. Can’t find any note of this change in the Release Notes. Can you advise please?

Thanks
Huan

Greetings Huan,

Indeed, Security Reports are no longer available in the Community and Developer Editions of SonarQube (or SonarCloud, for that matter).

I would recommend taking a look at this announcement made for our SonarCloud Community for a more detailed discussion about why we took this decision.

Specifically:

Colin

1 Like

Thanks Colin for pointing out the announcement.

I wish I had seen it before and provided some feedback.

Finally, we removed the “Security Reports” feature. As a developer, reports are not as useful as an actionable list of issues and this is provided by the Issues Page and its new Security Category filter.

Though the Issues page acts as a better actionable list for developers, the “Security Reports” provides a better overview, i.e. a better report. “Security Reports” on the top menu also prompts developers to get familiar with and be aware of commonly referenced security context like OWASP Top 10 and SANS Top 25 etc. That culture of not solely relying on Security experts to catch all stuff afterwards but instead making developers security minded in the first place is very important to our environment. I believe many others will share the same value.

Any chance you can bring it back please?

Thanks
Huan

Does SonarQube v7.8 still support Java 8? I looked at the pre-requisites and it said support for Java 8 has been deprecated. Will we need to upgrade our server to use Java 11 or 12 instead of 8? And what are the implications for that?

Toan,

SonarQube v7.8 supports Java 8 and 11 Runtime.

SonarQube v7.9 will require a Java 11 Runtime. At this same time, SonarQube Scanners will also need to use Java 11.

Best regards,

Colin

1 Like

Thanks for the reply :slight_smile:

A post was split to a new topic: New 7.8 instance won’t starty