<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>SonarQube on Software Factory</title><link>/use/tools/sonarqube/</link><description>Recent content in SonarQube on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/use/tools/sonarqube/index.xml" rel="self" type="application/rss+xml"/><item><title>Sandboxing Issue Triage</title><link>/use/tools/sonarqube/sandboxing/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/sonarqube/sandboxing/</guid><description>&lt;p&gt;This page explains the &lt;em&gt;Issue Sandboxing&lt;/em&gt; behavior you will see after the upgrade.
This page is designed to help you prepare for the upgrade.&lt;/p&gt;
&lt;h2 id="sonarqube-20261-lta--what-new-to-expect"&gt;SonarQube 2026.1 LTA — What new to expect&lt;a class="td-heading-self-link" href="#sonarqube-20261-lta--what-new-to-expect" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;

 &lt;div class="admonition note admonition--headless"&gt;
 &lt;div class="admonition-content"&gt;
 &lt;p&gt;We are upgrading from SonarQube &lt;strong&gt;2025.1 LTA → 2026.1 LTA&lt;/strong&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;&lt;h3 id="tldr"&gt;TL;DR&lt;a class="td-heading-self-link" href="#tldr" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h3&gt;
&lt;p&gt;A major LTA-to-LTA upgrade brings a significant number of new and improved rules across all languages.&lt;/p&gt;
&lt;p&gt;New issues can appear on &lt;strong&gt;code you haven&amp;rsquo;t touched&lt;/strong&gt; — either because &lt;strong&gt;the analyzers got smarter&lt;/strong&gt;
or because &lt;strong&gt;new rules were added&lt;/strong&gt; to the quality profile.&lt;/p&gt;</description></item><item><title>Secrets, Tokens and Credentials in SonarQube</title><link>/use/tools/sonarqube/secrets/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/sonarqube/secrets/</guid><description>&lt;p&gt;This document lists all secrets, tokens and credentials that can be configured and managed by a
&lt;strong&gt;non-administrator&lt;/strong&gt; user in SonarQube.&lt;/p&gt;
&lt;p&gt;For each item, a concise explanation of its usage and a link to the official documentation are
provided.&lt;/p&gt;
&lt;table&gt;
 &lt;thead&gt;
 &lt;tr&gt;
 &lt;th&gt;Type&lt;/th&gt;
 &lt;th&gt;Description&lt;/th&gt;
 &lt;th&gt;Details&lt;/th&gt;
 &lt;/tr&gt;
 &lt;/thead&gt;
 &lt;tbody&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;User Token&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;Full user-level authentication token, inherits all user permissions&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#user-token"&gt;User Token&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Project Analysis Token&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;Scoped token for running analyses on a single project&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#project-analysis-token"&gt;Project Analysis Token&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Global Analysis Token&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;Token for running analyses on all projects in the instance&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#global-analysis-token"&gt;Global Analysis Token&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Webhook Secret&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;HMAC-SHA256 secret to verify authenticity of webhook payloads&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#webhook-secret"&gt;Webhook Secret&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Project Badge Token&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;Auto-generated token for displaying project metrics badges&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#project-badge-token"&gt;Project Badge Token&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;DevOps Platform PAT&lt;/strong&gt;&lt;/td&gt;
 &lt;td&gt;GitLab PAT for project import and Merge Request decoration&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#devops-platform-integration---personal-access-token-pat"&gt;DevOps Platform Integration&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;&lt;strong&gt;Login/Password&lt;/strong&gt; &lt;em&gt;(deprecated)&lt;/em&gt;&lt;/td&gt;
 &lt;td&gt;Legacy authentication method, replaced by tokens&lt;/td&gt;
 &lt;td&gt;&lt;a href="/use/tools/sonarqube/secrets/#loginpassword-authentication-deprecated"&gt;Login/Password&lt;/a&gt;
&lt;/td&gt;
 &lt;/tr&gt;
 &lt;/tbody&gt;
&lt;/table&gt;
&lt;h2 id="user-token"&gt;User Token&lt;a class="td-heading-self-link" href="#user-token" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;h3 id="description"&gt;Description&lt;a class="td-heading-self-link" href="#description" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h3&gt;
&lt;p&gt;Authentication token that allows a user to perform all actions the user can do via the web
interface, without using their actual credentials (login/password).&lt;/p&gt;</description></item><item><title>What's new</title><link>/use/tools/sonarqube/what-s-new/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/sonarqube/what-s-new/</guid><description>&lt;p&gt;SonarQube has released a &lt;a href="https://www.sonarsource.com/products/sonarqube/whats-new/sonarqube-server-2025-1-lta-whats-new/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;new version&lt;/a&gt;
 with exciting features and improvements.&lt;/p&gt;
&lt;p&gt;We will discuss some of the key highlights that are activated and available within
the Software Factory.&lt;/p&gt;
&lt;h2 id="features-to-look-for-in-sonarqube-server-20251-lta"&gt;Features to look for in SonarQube Server 2025.1 LTA&lt;a class="td-heading-self-link" href="#features-to-look-for-in-sonarqube-server-20251-lta" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;For this new major SonarQube Server version the following new features will be available:&lt;/p&gt;
&lt;h3 id="project-administration"&gt;Project Administration&lt;a class="td-heading-self-link" href="#project-administration" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;Guided configuration of all projects in a &lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/project-administration/monorepos/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;monorepo&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/project-administration/maintaining-the-branches-of-your-project/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Flexible main branch&lt;/a&gt;
 designation&lt;/li&gt;
&lt;li&gt;Guidance on project onboarding related to &lt;a href="https://docs.sonarsource.com/sonarqube-server/2025.1/user-guide/about-new-code/#new-code-definitions" class="external-link" target="_blank" rel="noopener noreferrer"&gt;new code configuration&lt;/a&gt;
.&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id="analyzers-scanners"&gt;Analyzers, Scanners&lt;a class="td-heading-self-link" href="#analyzers-scanners" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;Faster analysis bootstrap&lt;/li&gt;
&lt;li&gt;Faster scan times&lt;/li&gt;
&lt;li&gt;Improved experience for &lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/languages/c-family/analysis-modes/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;C and C++ analysis&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/analyzing-source-code/scanners/sonarscanner-for-maven/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Maven scanner&lt;/a&gt;
 scans all files&lt;/li&gt;
&lt;li&gt;New C, C++, and Objective-C GitHub Action&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id="quality-gates-and-quality-profiles"&gt;Quality Gates and Quality Profiles&lt;a class="td-heading-self-link" href="#quality-gates-and-quality-profiles" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-profiles/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Set rule priority&lt;/a&gt;
 to uphold your coding standards&lt;/li&gt;
&lt;li&gt;Updated &lt;a href="https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/analysis-functions/quality-gates/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Sonar Way quality gate&lt;/a&gt;
 condition&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/quality-profiles/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Exclude rule&lt;/a&gt;
 from inherited quality profile&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.sonarsource.com/sonarqube-server/latest/instance-administration/analysis-functions/instance-mode/instance-mode-overview/" class="external-link" target="_blank" rel="noopener noreferrer"&gt;Dual operating modes&lt;/a&gt;
 with Standard Experience Mode that preserves familiar rule and issue qualities
and severities for users or Multi Quality Rule (MQR) Mode to more accurately represent
the impact an issue has on all software qualities&lt;/li&gt;
&lt;/ul&gt;

 &lt;link rel="stylesheet" href="/css/vendors/admonitions.css"&gt;
 &lt;div class="admonition info"&gt;
 &lt;div class="admonition-header"&gt;&lt;svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"&gt;&lt;path d="M256 512A256 256 0 1 0 256 0a256 256 0 1 0 0 512zM216 336l24 0 0-64-24 0c-13.3 0-24-10.7-24-24s10.7-24 24-24l48 0c13.3 0 24 10.7 24 24l0 88 8 0c13.3 0 24 10.7 24 24s-10.7 24-24 24l-80 0c-13.3 0-24-10.7-24-24s10.7-24 24-24zm40-208a32 32 0 1 1 0 64 32 32 0 1 1 0-64z"/&gt;&lt;/svg&gt;
 &lt;span&gt;Issues on previous version as 9.9.x&lt;/span&gt;
 &lt;/div&gt;
 &lt;/div&gt;&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Issue&lt;/strong&gt;: Refers to a problem or defect detected in the source code that does not comply with a rule.
It can potentially impact the quality and maintainability of the software.
Here are the 5 common types of issues in SonarQube:&lt;/p&gt;</description></item></channel></rss>