There’s been a lot of change lately, with the recent rebranding, and license and packaging changes announced this week:
- A new free tier of SonarQube hosted in the Cloud
- Updates to the Community functionality
- License changes
But one thing never changes, and that’s our mission to help you write great code. That’s why we’re grateful every time you give us feedback. So like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Cloud:
- @Mike_Reynolds and @arnomessiaen reported that they couldn’t add members to their organizations Thursday. Fortunately, the incident we declared was quickly resolved. Thanks for the reports!
SonarQube for IDE:
- @NathanAlcantara got an exception while changing the status of an issue on SonarQube for IntelliJ. SLCORE-1045
Scanners:
- It seems that disabling other Roslyn analyzers isn’t possible when you’re (also) running the SonarScanner for .NET. Thanks @Thomas_Mittermair! SCAN4NET-166
- @MarekU’s request for a
base_url
for Docker-based analysis without a direct connection to the internet led to SQSCANGHA-51 , which should be released soon. - We’ll add support for self-hosted GitHub runners without
keytool
following @higgs01’s struggles: SQSCANGHA-56. - @tyskland, @SakeebHossain, @paulmedynski, @sly_ratt, @mrozekma, @arobinson, @vdr_Suvelrathneswar and @arielman have let us know over the years that our inability to handle a Git Worktree was causing them problems. The problem was actually in JGit, which has released a fix, which we’ll pick up with SONAR-23721
- At @cfebl’s suggestion, we’ll support downloading the native bundle of the Scanner CLI, instead of the “noarch” flavor on Azure DevOps. SONARAZDO-443
Rule & Language improvements:
- Way back in August 2023, @lbenedetto pointed out that
java:S2201
shouldn’t raise an issue onorElseThrow()
. It took additional nudges from @nquirk22 and @vexorian before we finally saw the light, though and finally created SONARJAVA-5185 to fix it. - @CarelC objects to
cppS5008
telling him to change the the signature of a library function. We think that’s pretty reasonable of him, actually. The rule was already in our sights, and this report has helped us flesh out the problem statement. - Speaking of times when you don’t have control of the signature, @jmothes reported that
java:S5411
raises an issue when use of generics converts yourboolean
to aBoolean
automatically. SONARJAVA-5184 - @champa let us know that we missed a hard-coded password in their TypeScript code. JS-404
- We’ve just added an Architecture analyzer to SonarQube Cloud. @Opetion noticed because of an error it added to his analysis log. Thanks for our very first Architecture feedback! SONARCH-135
- @rakleed reported that
eslint-plugin-sonarjs
doesn’t work with flat configuration, and @dschuessler was kind enough to provide a reproducer for the problem. It’s actually that our documentation is wrong, which we’ll fix with ESLINTJS-64 - Speaking of documentation, we’re going to beef up the docs on writing custom Java rules in response to @christian.jacob’s trouble trying to use classes that aren’t actually public. Thanks for the feedback!
- We’ve also fixed a typo in the docs that led @mb_centaurea to struggle with configuring duplication detection in his .NET project
- @bduderstadt let us know that the fix that
java:S1612
suggests won’t compile. Doh! We were already planning to work on the rule (SONARJAVA-4239) and we’ve updated the ticket for this case as well.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.