SonarQube 8.6 released

Hi all,

SonarSource is happy to announce the release of SonarQube 8.6, which introduces security analysis in JavaScript, smooth setup for your Azure DevOps Server projects and the ability to review Security Hotspots right in your IDE. More details in the official announcement.

In addition, there are a few other items to note in the release:

  • We’ve made the default configuration more secure. The default administrator credentials have to be updated (MMF-1352) and authenticated access is now the default for any new install (MMF-2146).
  • We’ve added validations on the ALM settings to simplify the set up of any new ALM integration (SONAR-13886).
  • Elasticsearch has been upgraded. This changes the configuration of search nodes in cluster mode. You’ll need to replace several existing search properties with new ones. More on the new configuration in the documentation (SONAR-12686).
  • In GitHub and GitLab cloud services, images used in Pull Request decoration have been relocated to a publicly available location so that they can be displayed even if your SonarQube is not accessible publicly on the Internet (SONAR-13106).
  • The analysis of many languages (Kotlin, Scala, Go, Ruby, Apex…) has been improved to more reliably parse the code and produce fewer false positives.

You’ll find more details in the upgrade notes and full details in the release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at sonarqube.org.

 
Chris

6 Likes