What’s New in SonarQube | Governance and Quality Gates at Scale | Sonar Summit 2026

Описание: What’s new in SonarQube for enterprise-scale governance and development in the AI era?

In this Sonar Summit 2026 session, Brian provides an inside look at the latest SonarQube platform advancements, designed to help engineering organizations maintain strong code quality and security standards at scale.

As AI-assisted development accelerates code generation, platform engineering teams need better governance tools to ensure that every project meets consistent quality and security requirements.

In this session, you’ll learn about:
The latest SonarQube features and platform updates
Enhanced security reporting and governance capabilities
Expanded programming language support for modern development stacks
Deeper integrations with DevOps platforms and CI/CD pipelines
How platform teams can enforce quality gates across thousands of projects

Discover how the latest SonarQube capabilities help organizations scale development while maintaining strong software quality, application security, and governance practices.

Timestamps:
00:00 — Introduction
00:54 — Software Composition Analysis (SCA) Explained
01:06 — Detecting Vulnerable and Risky Open-Source Dependencies
01:52 — SonarQube for IDE and SBOM Export Support
02:11 — Portfolio-Level Visibility into Dependency Risk
02:33 — License Profile Management and Policy Enforcement
03:03 — Quality Gates for Dependency and License Compliance
03:34 — SonarQube MCP Server for AI-Assisted Development
04:02 — Demo: AI Agent Remediating Legacy Technical Debt
04:18 — MCP Returning Structured Issue Context to the Agent
04:32 — AI Coding Agents Improving Code Quality from the First Commit
04:51 — MCP Server Availability and Pricing
05:04 — Expanding Language and Framework Support
05:40 — New Analyzer Support for Rust, Shell Scripts, YAML, and Properties Files
06:26 — Java, Python, and .NET Static Analysis Enhancements
06:46 — Expanded Coverage for Go, Ruby, and Apex
07:01 — Over 1,000 New Static Analysis Rules Across 31 Languages
07:14 — Expanded Secrets Detection Capabilities
07:46 — Secrets Protection Across the SonarQube Product Suite
08:01 — UI and Reporting Improvements for Developers and Executives
08:17 — Customizable Reporting for Code Health and Compliance
08:34 — Custom Dashboards Overview
08:52 — Built-In Project Health Dashboard
09:10 — Creating a Custom Dashboard from Scratch
09:39 — Charts, Widgets, and Filters for Trend and Severity Analysis
10:22 — Enterprise Availability of Custom Dashboards
10:42 — Portfolio Security Reports and Downloadable PDF Exports
11:10 — Reporting Support for Compliance Standards like STIG and CASA
11:27 — New Workflow Integrations for DevOps Teams
11:39 — Slack, Jira, and JFrog Integration Roadmap
12:00 — Jira Integration: Converting SonarQube Issues into Work Items
12:53 — Slack Notifications for Quality Gate Status Changes
13:17 — Enterprise Governance and Administrative Controls
13:38 — Scoped Organizational Tokens for Secure Access
14:16 — IP Allow Lists for Tighter Platform Access Control
14:37 — Enterprise LOC Allocation and Resource Management
15:00 — Closing and SonarQube Cloud Signup Call to Action

#SonarSummit #SonarQube #DevSecOps #ApplicationSecurity #SoftwareQuality