Sonar Community Highlights, August 26 - September 1

Colin · September 1, 2023, 3:27pm

Hey everyone!

It’s another busy week in our Community, and we want to say thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.

SonarCloud:

SonarCloud isn’t using the project binding information to decorate Pull Requests, which causes issues when running pull request analysis in certain cases – like for @Plevi1337! While we found a workaround, we’ve also created an internal ticket to make the experience better.

SonarQube:

Thanks @squalou for walking us through a bug with how timestamps are being reported in SonarQube log files. We’ll work on that in SONAR-20331.

SonarLint:

@Coriolis reported an issue where issue creation date wasn’t being displayed in SonarLint for IntelliJ after a crash (because the cache isn’t flushed to disk). SLI-1083 is already merged and released as a part of SonarLint for IntelliJ v9.0! Thanks!
If you are trying to use NOSONAR with Go in SonarLint like @kevink was, you were out of luck. We’ll fix this with SONARSLANG-613. Thanks!
I’m guilty of using the terms “regular expression” and “glob pattern” interchangeably – but I’m only human. Our software can do better. We were using these terms inconsistently in SonarLint for Eclipse as reported by @CrushaKRool. We’ll fix this with SLE-717.

Rule Improvements:

Shoutout to @mfroehlich for his multiple reports this week, including this report about a false-positive on java:S5413 that led to the creation of SONARJAVA-4599
We plan to update java:S107 with support for the Google Guice framework after a report from @Connor_Balin. SONARJAVA-4600
We’ll also make our support for org.apache.commons.collections better in the context of java:S2259 with SONARJAVA-4598. Thanks for the report @Rguihard!
@jdgs-thm posted a super detailed report about a false-positive on typescript:S4213 when using using Mongoose 6.x. The outcome of this report was SonarSource/SonarJS #4113, already targeted for the next milestone! Thanks!
Thanks @aleks-lazic for letting us know about a reCaptcha test value that was triggering secrets:S6692. The PR is already merged!

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

Colin & @ganncamp