SonarQube 10.6 released

SonarSource recently released a new version of their SonarQube platform - SonarQube 10.6

For us, we have to update some of the build configuration (Maven POM), change some of the default setup and the way that we handle reading of source files and voilà, we have a working plugin.

Moving forward, that means that our customers get code and SAST scanning for ESQL, Msgflows and other IIB/WMB/ACE files but also all the newer features that have been released since the last release of our plugin. Our last release supported SonarQube 10.0.

Moving from version 10.0 to version 10.6 means that our teams get the benefits of the incremental changes to functionality that come from each version.

The new functionality includes:

SonarQube version 10-1

"Smoother centralized access management with GitHub" - integrating with GitLab, which is good, rather than having to export and import SARIF files yourself.

"Clean as You Code guidance checks" - "Clean as You Code" sounds like a good best practice for teams, and provides some guidance for how teams can get to better code quality. Not really sure what it means without trying it out.


SonarQube version 10-2

"Security analysis now integrated into GitLab dashboards" - so for teams that prefer to stay within GitHub, this will help with being an information radiator.

"Enhanced cloud secret detection" - anything that can help teams moving to the cloud.

"Streamlined Permission Synchronization from GitHub" - having a central repository for users and groups helps to reduce onboarding and offboarding risk. It is far better to delegate this access control than to manage it within SonarQube.


SonarQube version 10-3

"Simplified Clean Code Attribute in Pull Requests for all CI Platforms" - this sounds exciting, not sure what it means. Again, I might need to try this out to see how it works.

"Sonar way Quality Gate Adopts Rigorous Clean as You Code Criteria" - helping you to get it right from the start.

"Secrets Detection at the Source" - we have rules for secrets specific to IIB/ACE/WMB, but built-in support always helps:

R18 – Credentials are in plain text (WMB)

R475 – IIB Trace Node pattern contains a secret (WMB)


SonarQube version 10-4

"Pull Requests Show Issues That Will Be Fixed When Merged" - this helps encourage incremental changes and allows teams to focus on reducing existing risks.

"Branch Summary Shows Issue Count And Overall Code Shows Software Quality" - being able to report incremental improvements across branches.

"Dismiss Issues Marked as “Accepted” And Keep Track Of How Many" - which is always something that we need to keep track of. Accepting a risk means that you can lose visibility.

"Faster Scan Times" - and who doesn't love faster scan times.

"Provision And Sync Users And Groups From GitLab" - again helps with operational management of the platform.


SonarQube version 10-5

"Faster Secret Detection Analysis" - faster = better

"Kubernetes and Helm Charts Improvements" - which will help operationally for our teams that have moved from VMs to Docker to K8s.

"Clean Your Entire Mainframe Ecosystem" - WMB/IIB/ACE teams often use middleware to expose the mainframe and extend legacy systems. In this case JCL has been added. Anything else we can do to help teams with other tools is a plus.


SonarQube version 10-6

"SonarQube runs in a FIPS-enforced environment" - One of the new features that isn't specific to WMB/IIB/ACE development is the support for FIPS. Working with governments can mean some extra red tape. So having support built in for working with government or potential government clients is always helpful.

"Set rule priority to prevent the release of substandard code" looks interesting. It's not available in the version that we run for our demonstrations (Community), but it would be useful for some of our larger clients that make use of the Enterprise edition with its support.


Hopefully the teams using our products can make the move to the new version which will allow them to make use of all the new features.


More information on our products and on pricing can be found on our website:

https://bettercodingtools.com

You can also reach me via email at:

Richard@bettercodingtools.com

Or contact me via the contact page on our website:

www.bettercodingtools.com/contact

Regards

Richard
