The elegant and comprehensive static code quality analysis tool's latest LTS - 6.7 was out by end of 2017. From LTS stand point of view every version shows significant improvement from the predecessor, in case of SonarQube there have been three LTS so far, 4.5; 5.6; 6.7. Sonar, as it was called when it was started had a very humble yet powerful thought of analyzing java code with existing static code analysis tools like pmd and findbugs and persisting the report in database. This opened new opportunities for PMO and people concerned with productivity as it preserves history of project.
But Sonar was still only helpful for java developers and was almost exclusive for maven. By becoming a part of Codehaus projects it became more popular among maven community, around the same time they were recognized with Jolt award. Sonar started getting more attention, and they indeed lived up to it. Sonar soon incorporated other languages analyses into their arsenal. An interesting decision was made at this point, they ditched their approach of being aggregator of static code analysis tools to becoming an independent one. This move was in-fact essential and important for being one stop static analysis solution for all programming languages.
SonarQube 4.5 LTS is the first version that broke out of "java as first citizen" cocoon to give multi language support under single project and implemented SQALE methodology for calculation of technical debt. The version also marked the step towards establishing themselves as for profit organization, as they started offering commercial plugins for language analysis and PMOs (governing and report generation). Writing custom rules for SonarQube became elegant as they started using their own AST instead of using Pmd's AST, I have written about 50 on my own and it would have sucked big time if I had to use Pmd of XPath of Pmd! AST or Abstract Syntax Tree is how a code traversals through another code, its very intriguing to think of something like that ain't it. The Enterprise offering demanded availability and SonarSource came up with first Active Passive clustering guide. IDE plugin initiative helped them move away from the label of blamer, as developers can perform preview analysis in IDE itself before committing new changes and bugs. As far as architecture is concerned inclusion of Elastic Search improved search.
SonarQube 5.6 LTS made considerable amount of changes from architectural stand point to support changes at different level. Clustering was foremost, as SonarSource started offering cloud solution; even before this they had https://nemo.sonarqube.org/ which was more of SonarQube's demo which was primary used by open source project; I gave it a go when I presented SonarQube for Chennai devops community. The pre-commit analysis was expanded to support comments under source code repository, it was cool both in paper and in action. If you are working in big organization or open source project and kept getting pull request this was a boon for you, as it helps product owner to decide it the new pull request is to be merged with development branch - my trial. Most important change is the decision to split analysis into two phase, one at analyzer - mostly your CI engine and the second inside SonarQube's compute engine. And the UX improvements and re-organization of rules based on categories as one of bug, vulnerability or code smell from previous categorization model based on 5 level severity, also this gave every fresh look and feel.
SonarQube 6.7 LTS marked the arrival of aggressive commercial versions of Open Core SonarQube. The pricing was changed from edition based to LOC based from SonarQube 5.6 itself but that was only going to help small organizations but the new change was made at Compute engine level so as to force organization to move to enterprise version if they have multiple projects continuously analysed. And this is why careful evaluation of your needs and your budget allocation is required before proceeding with SonarQube 6.7 LTS. From Technical stand point SonarQube introduced branch analysis, i.e., you can continuously analyze your regular release made from trunk or master branch and also keep track of feature release being developed in different branch, neat isn't it. Also Sonarlint the plugin for IDE was better integrated with SonarQube or SonarCloud by having improved notification mechanism. Elastic search was upgraded improving the already smooth search experience.
So what is to be evaluated? SonarQube 6.7 sound awesome right? Yes, in-fact now more language has received first class citizen status along with jvm based languages, js and c#; also php, python, flex are all invited to party. So the hitch? compute engine, did not explain on purpose; before compute engine all he analyses and data writing happened outside Sonarqube server. Server essentially was an instructor on how to analyze and where to store, analyzers did all the heavy lifting, SonarQube server concentrated on displaying issue and managing action plans and so on. With Compute engine, SonarQube server became active participant in analysis stage also by taking over the job of persisting data. This control was leveraged in new LTS, from now community version will only support sequential data persist and thus putting a block on number of parallel analysis happening at a given point of time - only one project can be persisted you have to pay more for parallel persistence of analyzed data. On average Compute engine takes 2 seconds to 5 minutes to analyze a project even bigger once if you can tolerate this you can go ahead and upgrade/start using SonarQube 6.7. If you are huge organization and you use SonarQube as a center piece with it analyzing 20 plus projects every hour then consider upgrading to Enterprise version. But before moving to commercial landscape you might want to make yourself familiar with Kiuwan, Checkmarx, Fortify as their offerings puts security along with static code analysis. But when it comes to static code analysis SonarQube is still perfect with report accuracy.