[Webinar] What to Expect When Upgrading to the New SonarQube Server LTA

Sonar Updates
, ,
1

Hi all,

On Wednesday, February 5th Sonar hosted, “What to Expect When Upgrading to the New SonarQube Server LTA” Webinar.

In this webinar, we walked through the key features of the new LTA which packages together everything in all the SonarQube Server releases from 10.0 to 10.8.

This release includes:

  • Revolutionary AI capabilities
  • Cutting edge security innovations
  • Supercharging developer productivity
  • Enterprise and operational excellence
  • Extensive language support including new languages

You can access the webinar recording on our website, and below you can find the questions and answers from the webinar.

Audience Questions & Answers:

  • Q: Does “Contains AI-Generated Code” settings need to be turned on to detect AI code?
    A: A specific setting “Autodetect AI-Generated Code” controls whether you allow SonarQube Server to autodetect AI-generated code in projects.

  • Q: Can we completely turn off the AI features in LTA?
    A: AI Code Fix is not enabled by default. If you’d like to completely hide the feature from all users, including instance admins, please look at the way to proceed here: https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/system-functions/managing-ai-features/

  • Q: How do the AI elements work, does SonarQube have to go out to the internet to do the checks as we have concerns about protecting the IP of our code?
    A: AI CodeFix currently needs an internet connection to send the code snippets to the Sonar service that interacts with the LLM provider. You’ll find more information about it: https://docs.sonarsource.com/sonarqube-server/latest/ai-capabilities/ai-fix-suggestions/

  • Q: Will the AI feature be included in the existing Developer license?
    A: AI CodeFix is available in Early Access for all commercial editions of SonarQube Server.

  • Q: Can we disable AI codefix on a global level then? We don’t want any data sent offsite.
    A: AI CodeFix is not enabled by default. If you’d like to completely hide the feature from all users, including instance admins, please look at the way to proceed here: https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/system-functions/managing-ai-features/

  • Q: Hi there, I understood that premium support will be imposed, is it correct?
    A: I invite you to reach out to your Sonar Account Manager to discuss this topic in more details.

  • Q: Can we integrate with other AI’s i.e. chatgpt?
    A: If your question is about the detection of AI-generated code, we are considering extending this detection to other AI tools.

  • Q: Can AI Code Fix be turned off? Our company probably won’t want our code snippets sent off our intranet.
    A: It is disabled by default. The admin needs to enable it if you want to use it.

  • Q: Why yet another abbreviation: LTA? We already have LTS.
    A: LTS is now referred to as Long-Term Active (LTA). It appears that having two meanings of “support” (Commercial “Support” and “supported” version) was causing some friction.

  • Q: Are there new hardware requirements for this new version?
    A: Not really. As with all software, the server should be sized for your performance and lines of code scanned needs. https://docs.sonarsource.com/sonarqube-server/latest/setup-and-upgrade/installation-requirements/server-host/

  • Q: We are transitioning applications from Okta to Microsoft Entra. Does SonarQube 9.9+ support Entra? Is this an easy switch over? Or is it best to just leave GitHub as our sonar instance auth?
    A: SAML support for Entra is there in the latest LTA. I would recommend testing and making sure it meets your requirements. https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/authentication/saml/ms-entra-id/setup-in-sq/

  • Q: IDE refers to any IDE or a fix set of IDEs like Visual Studio, Visual Studio Code etc.?
    A: SonarQube for IDE is available in your preferred IDEs: Visual Studio, VS Code, IntelliJ IDEs, and Eclipse.

  • Q: Is there an extension or sonar plugin available on intellij idea?
    A: SonarQube is available in your preferred IDE, including IntelliJ. You’ll find more about it here: https://www.sonarsource.com/products/sonarlint/

  • Q: Is the Security issue sync feature limited to GitLab only or works for other tools like GitHub and Bitbucket?
    A: SonarQube Server also reports security alerts directly in the GitHub Advanced Security reports. You can read more about it here: https://docs.sonarsource.com/sonarqube-server/latest/devops-platform-integration/github-integration/setting-up-at-global-level/report-security-alerts/#overview

  • Q: Which AI model does the Sonar AI integration use behind the scenes? Can I configure sonar to use our own AI module?
    A: SonarQube Server currently uses OpenAI’s GPT-4 to generate the suggestions. You can find more about it here: https://docs.sonarsource.com/sonarqube-server/latest/ai-capabilities/ai-fix-suggestions/. We are considering enabling your own models.

  • Q: Any integration with GitHub Advanced Security later?
    A: SonarQube Server integrates with GitHub Advanced Security to report security alerts directly into the security report available in GitHub. You can read more about it here: https://docs.sonarsource.com/sonarqube-server/latest/devops-platform-integration/github-integration/setting-up-at-global-level/report-security-alerts/#overview

  • Q: We are in a process of upgrading from V9.9.6 to 2025.1 LTA, however we are facing issue with Elastic Search while starting the Sonar windows services, Error is: “waiting for Elasticsearch to be up and running” and then service is stopped. Any suggestion?
    A: Sorry about that. Please open a support ticket, and we will get this resolved for you. If you do not have a support contract, do send it to us in the community forum. https://community.sonarsource.com/

  • Q: When the AI-generated code is modified, does the AI-generated flag persist?
    A: The detection of AI-generated code relies on the use of GitHub copilot by your developers and on their recent commits. Once you activate AI Code Assurance, we recommend keeping it enabled so that we make sure your projects continue to be checked with the same level of expectations.

  • Q: In SonarQube UI, can we filter on projects to see the ones using AI-generated code?
    A: There’s currently no direct way to filter on projects using AI-generated code. This is something we’ll consider adding.

  • Q: Can you elaborate again on the difference between the Community Build and the SonarQube Server versions. If we update to 2025.1 LTA (SonarQube Server) and on our Community instance to 2025.1 build xyz, are these equivalent?
    A: There’s no direct equivalence between the 2. The products have different versioning. For SonarQube Server, the versioning is based on the year of release followed by the release number: SonarQube Server 2025 Release 1 - LTA (abbreviated as 2025.1) SonarQube Server 2025 Release 2 SonarQube Server 2025 Release 3 … The new versioning scheme of SonarQube Community Build is separate from our commercial versions, with a new Calendar Versioning (CalVer) format…

  • Q: We are using SonarQube 10.7 Enterprise edition, and AI code fix is being used by the project teams, however as admin and central devops teams we could not figure out a way to monitor AI CodeFix feature usage. Is there a way to get the AI CodeFix usage metrics for the installation so that AI CodeFix adoption can be measured? Thanks
    A: There’s no indication yet in the product about your adoption of AI CodeFix. This is a great suggestion. We’ll be happy to hear more about your needs on the topic.

  • Q: Will the AI Enhancement and Security Innovations be available for those air-gapped, on-premise SonarQube Servers?
    A: We are considering enabling customers to use their own keys/models.

  • Q: Any possibility of detecting other AI assistants like Tabnine.?
    A: We are considering extending this detection to other AI tools.

  • Q: Will you have the possibility of detecting other AI assistants than GitHub Copilot? Or is this capacity linked specifically to the GitHub and GitHub Copilot integration?
    A: We currently automatically detect the use of GitHub Copilot. We are working on extending this detection to other AI tools.

  • Q: When we upgrade SonarQube Server, are we expected to update the SonarLint and SonarScanner libraries used to access that server? Recently, we faced an issue while upgrading to 10.7 and SonarScanner 5.
    A: We generally recommend staying up to date with recent scanner versions to benefit from the latest features and fixes. For more details about the scanner compatibility, we recommend to look at the upgrade notes. For your convenience, you’ll find LTA to LTA upgrade notes here: https://docs.sonarsource.com/sonarqube-server/latest/

2 Likes