
Key features of SonarQube 9.7

Product Updates · March 13th 2023 · 4:54

Explore the new capabilities shipped in SonarQube 9.7, including improved analysis coverage, security hotspot workflows, and IDE integration enhancements.

Improved Analysis Performance Across Multiple Languages

SonarQube 9.7 continues the performance optimization initiative introduced in version 9.6 by expanding the analysis cache technology to additional programming languages. Building on the faster Java pull request analysis from the previous release, version 9.7 delivers significant speed improvements for JavaScript, TypeScript, and COBOL analysis. The analysis cache prevents unnecessary reanalysis of unchanged files, resulting in substantial performance gains for development teams. For large JavaScript and TypeScript projects, users can expect pull request analysis improvements of up to 80 percent, with an average improvement of 40 percent across typical projects.

Expanded Python Rules and AWS Security Coverage

The release introduces substantial additions to Python rule coverage, with particular emphasis on test quality and security best practices. Three new test-related rules address common testing patterns, while five additional rules are unique to SonarQube and focus on test execution scenarios, including test skipping detection and verification that assertions are reachable. Beyond Python, the release significantly strengthens AWS security compliance with nine rules for encryption at rest and in transit, four rules addressing public access, network configurations, and firewalls, and three rules covering permissions and access control. Commercial edition users benefit from additional taint analysis capabilities for inline JavaScript and TypeScript Lambda functions within YAML files.

Enhanced Security Reporting and GitHub Integration

SonarQube 9.7 strengthens its security reporting framework with new capabilities for standards compliance and improved visibility in popular development platforms. The release introduces a security report measuring compliance against the OWASP Application Security Verification Standard (ASVS) across all three levels of the framework. In GitHub integration, vulnerabilities detected by SonarQube are now reported directly within GitHub's code scanning interface, providing developers with consistent rule descriptions, highlighting, and messaging alongside the full SonarQube user interface experience. Additionally, most Java and C# taint analysis rules have been enhanced with deeper rule descriptions, improved educational content, and refined code examples that clearly demonstrate the differences between compliant and non-compliant implementations.

Administrative Improvements and User Data Privacy

The release introduces several administrative enhancements designed to simplify platform management and improve user experience. A long-awaited announcement message feature allows global administrators to broadcast notifications to all users with the ability to schedule messages in advance. SAML integration has been made more accessible through a test configuration button and enhanced documentation, reducing setup complexity. On the data privacy front, SonarQube 9.7 introduces the ability to anonymize user records when deactivating accounts, allowing administrators to delete personal information while retaining associated records in the database for audit purposes.

Telemetry Updates for Better Insights

SonarQube has refined its telemetry collection strategy to provide more granular data while maintaining user privacy. Telemetry data is now sent every 24 hours with detailed metrics instead of the previous weekly aggregated approach. The system continues to use anonymized identifiers and does not collect personally identifiable information, ensuring that organizations can benefit from improved analytics while maintaining compliance with privacy standards.

Key Takeaways

  • Performance gains extend across languages: Analysis cache technology now accelerates JavaScript, TypeScript, and COBOL analysis, with improvements up to 80% for large JavaScript/TypeScript projects
  • Security coverage strengthens: AWS security, ASVS compliance reporting, and GitHub integration enhance vulnerability detection and visibility
  • Administration becomes simpler: Announcement messaging and improved SAML configuration reduce operational overhead for platform administrators
  • Privacy protection advances: New user anonymization capabilities allow organizations to manage data retention while protecting personal information
  • Rule coverage expands significantly: New Python test rules and commercial-edition taint analysis improve code quality and security detection capabilities