The summer is finally here and with it the long-awaited SonarQube 8 LTS! There’s a long list of goodies for your code quality needs.
The wait is over. The new SonarQube LTS is here! And it’s the best SonarQube LTS to date.
Focus on code security
The previous SonarQube 7.9 LTS introduced the code security features Security Vulnerabilities and Security Hotspots. Both have been vastly expanded in this release, including but not limited to:
- Improved detection engine for a new kind of precision and performance in security analysis in SonarQube.
- New rules and improvements for C#, Java and PHP security analysis.
- Security Hotspot support for C, C++ and TypeScript.
Expanded security reports are available for the Enterprise and Data Center editions of SonarQube: reporting now includes both CWE Top 25 2019 and CWE Top 25 2020, with the option of exporting a PDF document of the top reports.
Developer-centric user interface updates
The project home page has been rewritten to put more focus on what’s important: helping every developer write better code every day with an approach SonarSource refers to as Clean as You Code™.
The project home page now emphasizes quality and security of New Code. A full overview of the whole codebase of the project is still available in the Overall Code view, and all the other project details can be found tucked away in the separate Project Information section.
In addition to test code coverage, SonarQube 8.9 LTS will also include rules for Java, PHP and C# for tracking test code quality, to ensure that the tests you write are good tests.
Security Hotspots have been relocated from the general Issues interface to a new dedicated interface for reviewing and triaging Security Hotspots. All unreviewed Security Hotspots will be neatly listed in priority order, allowing you to conveniently check and review all potential security problems detected in your code.
In the previous 7.9 LTS, Python support was limited to imported Pylint reports. This release of SonarQube will improve on that considerably, by expanding Python support to be on the same level with other languages, with fast and accurate, in-depth native analysis with reasonable defaults, and with proper support for tracking issues through all language structures, frameworks and types.
To ease the transition from other tools, SonarQube will also support import of Pylint and Flake8 reports. You can also write custom rules if something is missing.
The Long-Term Support experience
We prefer to provide the LTS version of SonarQube as a part of a ROOT platform. Using LTS ensures that it will remain stable and fully supported for at least 18 months from the release date, with regular patches and fixes for bugs and vulnerabilities -- and, generally, no major potentially breaking changes until the next LTS release.
SonarQube Scanner and Java 8
This release of SonarQube, like the outgoing SonarQube 7.9 LTS, retains Scanner support for both Java 8 and Java 11. This is as yet unconfirmed, but it is more than likely that Java 8 support will be phased out by the next LTS release.
If you are running SonarQube Analysis from outside Jenkins (e.g. with SonarScanner for Maven) with Java 8, this is now the perfect opportunity to start planning a move to Java 11. Or switching from Maven integration to SonarQube Scanner for Jenkins, for example.
Doubts or worries? Get in touch with your ROOT support. We are here to help.
More on the new LTS
Want to learn more about the new LTS and its new features? May we recommend checking out the recording of the SonarQube LTS 8.9: Better than ever webinar on SonarSource's YouTube channel?
There’s also the SonarQube 8.9 LTS release announcement at sonarqube.org and the nitty gritty details available on the LTS to LTS Release Upgrade Notes.
This update of Nexus IQ (Nexus Lifecycle Release 114) enhances the user experience with navigation and filtering improvements. A new Nexus Lifecycle add-on, Advanced Legal Pack, is now available for purchase.
Manage OSS compliance with Advanced Legal Pack
Advanced Legal Pack will help you ease the legal burden that comes with development. When more and more open source dependencies are introduced to a project, having help to fulfil the possible legal obligations associated with them enables developers to focus more on their main task… development.
Advanced Legal Pack adds the following capabilities to a Nexus Lifecycle instance:
- Automated attribution reports: automated creation of attribution reports or 3rd party notices that comply with over 90% of OSS obligations.
- Legal compliance workflows provide an easy way to review and resolve obligation issues.
- Extended legal data, for example all copyright and notice statements and all license texts found in a component.
- Saving attribution and obligation results at the organization or application level.
- Customizable attribution reporting.
Check out "Slaying the Dragon of OSS Legal Compliance with the Advanced Legal Pack" at sonatype.com or the Advanced Legal Pack product page at sonatype.com to learn more about the add-on.
Updated navigation and filtering
The navigation bar on the top of the page has been pivoted to the left of the page. The navigation menus themselves have remained the same, but the new location will allow flexibility for new features and functionality.
Since the navigation menu will be residing on the left, the filtering features have had to relocate. They have been moved from the left side of the page to a neat, folded filter section in the top right corner of the Dashboard and Reports pages. You can easily bring out the filter section only when it’s needed. The rest of the time it will stay out of your way, maximizing the screen real estate.
Browse to Release Notes - Nexus IQ Server at sonatype.com for all details on this update.
As is the case with ROOT, it’s never just about the headline act. For this fine June we also have lined up a bug-slashing Bitbucket release, an update for Nexus Lifecycle, the usual monthly level-ups for GitLab and Jenkins, and an improved ROOT Team Management.
Bit of Bitbucket to boot
The Bitbucket dashboard has been slightly refreshed, not only to look nicer, but also to be easier to read. It’s also been given some optimization under the hood, making your dashboard load faster than before.
Bitbucket Data Center will also include an additional new feature for the dashboard - the Your Jira issues section. When Bitbucket is hooked up to a Jira instance, you can use this new feature to see all your open Jira issues right from the Bitbucket dashboard, easily open up details of an issue or create a Git branch related to an issue directly from the Actions menu.
Other fixes and improvements
This release of Bitbucket enhances the behavior of pull request ref creation, making it more deterministic (BSERV-12284). This fixes the problem many of us have encountered with Bitbucket 7.x: CI builds failing because of the missing refs/pull-requests/*/from ref in Git.
The requirement for users to have email addresses for ref operations, like creating and deleting branches and tags, has been relaxed (BSERV-9340). Now these operations can be performed with an account that does not have an email address associated with it, as may be the case with many resource (or bot) accounts in enterprise directories. However, you’ll still need an account with email for merging pull requests, for example. It’s just the nature of Git.
There are also improvements for pull request UI usability: in the pull request diff view, it is now possible to expand the context button from either the upward or downward direction, with expansion of lines limited to 25 at a time. You can also take advantage of the new formatting toolbar when commenting on pull requests.
There is also a host of other fixes and fine-tuning, all of which you can find in the Bitbucket Server 7 release notes at atlassian.com.
GitLab release 13.12
This month’s GitLab release includes a host of improvements for DAST and SAST scanning features, usability enhancements for CI/CD pipelines, updated report and charts, some neat touches for the overall GitLab platform management, such as total group and project count in admin users table and a lot more. All of which you can conveniently find in the comprehensive GitLab 13.12 release blog at gitlab.com.
Jenkins’ monthly treatment
Jenkins core gets a minor bump from 2.277.3 LTS to version 2.277.4 LTS along with a host of plugin updates.
The JFrog Artifactory plugin receives support for npm 7.7 and NuGet V3 protocol, as well as support for the new Artifactory Projects feature found in the Enterprise variants of our favorite binary repository manager. Other than that, most of the plugin changes are minor enhancements or fixes.
Please contact your ROOT support for a complete list of plugin updates applicable to your ROOT Jenkins instance.
Eficode ROOT Team Management version 1.7.0
The latest version of our centralized access management tool, Eficode ROOT Team Management (RTM), will add support for user deactivation/reactivation for user accounts synchronized from an external directory (AD, Azure AD, LDAP) based on user state and/or attributes in the origin. OpenLDAP has also been updated to version 2.4.58 to slash some bugs present in the LDAP server as well as to improve the overall stability of the RTM LDAP service.
Head on over to our RTM 1.7.0 changelog for full disclosure on the changes and fixes for this release.
Published: May 26, 2021