SonarQube 8.8 released

Hi all,

SonarSource is proud to announce the release of SonarQube 8.8, which introduces analysis and PR decoration with GitHub Actions, CWE Top 25 and PDF download for security reports, many additions to the security analysis and more. Details in the official announcement.

In addition, there are a few other items to note in the release:

  • You now need Node.js >= 10 to analyze CSS code.
  • The main branch of new projects takes the same name as in your code repository platform (MMF-2173).
  • You can now choose to grant project administration rights without delegating permissions management on the project (SONAR-14458).
  • We’ve made a series of accessibility improvements (SONAR-10681, SONAR-11774, SONAR-11959, SONAR-12056, SONAR-12434).
  • We’ve increased the report submission timeout (SONAR-14527).
  • We’ve dropped web services that were deprecated in 6.x versions. If you’re still using them, it’s time to migrate (SONAR-13848).

Additionally, the JavaScript security analysis in commercial editions has been overhauled for far better accuracy. This overhaul results in an expected increase in memory requirement for analysis. Additionally, there is an impact on the duration of JavaScript taint analysis, which can be significant for some projects. Work is ongoing in this area.

You’ll find more details in the upgrade notes and full details in the release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at