SonarQube 5.6 (LTS) in Screenshots:

by g. ann campbell|

    The wait is over! The new SonarQube Long Term Support (LTS) version is out, and it's packed with new features to help you better manage your technical debt and operational security. It has been over a year and a half since the last Long Term Support (LTS) version was announced - a very busy year and a half. In that time, we've pursued three main themes:

    • Fixing the Leak
    • Adding More for Developers
    • Increasing Scalability and Security

    Fixing the Leak

    The Water Leak concept says you should fix new issues before bothering with old ones. After all, an issue in two-year-old code has been tested by time. Its the one you added yesterday that should be fixed immediately - while the code is still fresh in your mind.

    To that end, we've added a number of features to keep you focused on the leak. The first is a new, fixed project home page which puts the leak front and center (okay, front and right) by highlighting the metrics on new code:

    And just to make sure it doesn't slip from view, we've updated the default quality gate to focus on new code as well:

    Of course, it's best of all if new problems never hit the code base. In an effort to shorten the cycle we also added the ability to analyze pull requests. Now you no longer need to wait for your code to hit the SonarQube server to see what you need to fix. Instead, you can see new issues as comments on your GitHub pull request (PR):

    This is enabled as a GitHub status check, so analysis is automatic with each new push to the PR and you get a tidy summary in the check list:

    Adding More for Developers

    As a company of developers, and our own first users and harshest critics, we're always focused on making the platform more usable for developers. It should come as no surprise then, that there's a lot for developers in this version!

    I'll start with the SonarQube Quality Model, which is an easy to understand, actionable model that takes the best from SQALE and adds what was missing. It draws bugs and security vulnerabilities out of the mass of maintainability issues to clearly highlight project risk, while retaining the calculation of technical debt.

    Click through on any of these issue counts, and you land at the new issues page, which is available at both global and project levels. It features an easy-to-use search, totals by either count or technical debt, and super-easy keyboard (or mouse!) navigation:

    On that issues page, you may notice the next developer-centric feature: precise issue location. Now we can highlight exactly, and only the portion(s) of a line relevant to the issue:

    Last but not least on the topic of Issue improvements is False Positive's long-awaited sister: Won't Fix:

    We've also reworked the presentation of Metric details. The old drilldowns have been replaced by a new project Measures space, which offers a general overview:

    A domain view:

    A treemap, a list of files, a component tree, and of course a file listing

    Increasing Scalability and Security

    Even though SonarSource is a developer-centric company, we didn't forget devops. In fact, this new LTS makes great strides in that area.

    The most significant change is that analyzers no longer talk to the database. This means you don't have to hand out your DB credentials to every Joe who wants to run an analysis. Instead, scanners talk only to the web server, and the server takes it from there.

    "But wait," you're thinking, "you still have to pass around the user credentials to submit an analysis."

    No you don't. We've added the ability to generate user tokens, so you can run an analysis without exposing your password (or user name!).

    Also Worth Noting

    While it shouldn't be major news, it's also worth noting that the new LTS drops support for Java 7. It's Java 8+ from here on out. Among other things, the change should make your SonarQube server even faster than before!

    That's all, Folks!

    Its time now to download the new version and try it out. But don't forget to read the installation or upgrade guide.

    If you've already worked with the 5.x series, few of these things will come as a surprise. If you're still on the previous LTS, you should fasten your seat belt. It's gonna blow your socks off!