Sonar Community Highlights, July 29 - August 4

Hey everyone!

It’s another busy week in our Community, and we want to say thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.

Java Rule Feedback:

• After a (long) time, feedback from @bergamin about a false-positive on java:S3358 when using a builder pattern turned into an improvement ticket: SONARJAVA-4566. Thanks a lot!

• Next, kudos to @sithmein who reported a false-positive back in June concerning java:S2583 when using getIfNotPresent from the Guava Cache class. Now you can track progres on this at SONARJAVA-4560.

• Keeping our rules precise, @maicaballangan suggested some exclusions for java:S1258 that will be added soon SONARJAVA-4563.

• @reitzmichnicht suggested a rule that using assert should not be possible in public code. While there’s a case to be made for using assert in private methods, this discussion prompted us to extend java:S4272 to apply to protected and package-protected methods. SONARJAVA-4565

• Shoutout to @starkos who helped us finally reproduce a previously reported false-positive with java:S2637. This one has been elusive for a while (it only appears in SonarLint). SONARJAVA-4564

• java:S2259 should consider functional interfaces…but right now it doesn’t, leading to false-negatives. Thanks @mohui1999 for the report, helping us to create SONARJAVA-4568.

• @So-Fras asked a great question: why did we deprecate java:S6160? Developer @Marco_Kaufmann was able to explain.

C/C++ Rule Feedback:

• Last week @l0cky3r gave some feedback on a rule that helped us create some tickets for our Java analyzer, and this week he helped us realize that it applied to our C/C++ analyzer as well: which helped us create CPP-4234. 2-for-1 special!

• Thanks to @Theramar who reported a false-positive on cpp:S878 and cpp:S905 that is the result of a parsing error on the std::to_array identifier, which needs to be fixed as a part of our support for C++20. CPP-4608

Swift Rule Feedback:

• Over time, a couple users (@ladislas, @Darotudeen_Durosomo, @cbh2000, @Daniel_Sanchez_Cisne) have reported issues with swift:S3087 on SwiftUI code. Now there’s a ticket to address this: SONARSWIFT-541

• Another good catch on the Swift programming language: this time regarding swift:S1144 and reported by @frugoman. SONARSWIFT-542

TypeScript Rule Feedback:

• Detecting unused imports (typescript:S1128) is surprisingly tricky, and another corner case was shared by @zhijie.hao which helped us create SonarSource/SonarJS #4047

SonarLint:

Have you heard about SonarLint? While SonarQube and SonarCloud help catch issues in your CI/CD, SonarLint helps you find and fix issues while you code right in your IDE of choice. It’s an invaluable addition if you’re already using the Sonar solution.

This week we got a lot of helpful feedback from our Community.

• @luc_steven, and @Slobodan_Dzakic both reported the same bug with SonarLint for IntelliJ which can be tracked at SLI-1044 (for now, it’s necessary to downgrade to the last version)

• @mblascht and @Johan_Havenberg reported an issue that helped us find two bugs regarding proxies, now tracked at SLI-1043 and SLCORE-530

• @Horia-Vlad, @andreasevers, and @rijnhardtkotze all ran into an error trying to use Connected Mode with SonarCloud. We’ll patch this ASAP with SLI-1045

• SonarQube allows you to open an issue right in the IDE if you have SonarLint installed. We might be able to improve this in certain environments with SLCORE-529. Thanks @​​nmk_kannan!

General:

@Rebse tops the Leaderboard this week. That’s not actually an unusual situation. Gilbert is well known for the time he takes to help other users, and this week was no exception. We all deeply appreciate your contributions, Gilbert.

Deprecation of Java 11 runtime

This week we announced that running analysis with Java 11 is now considered deprecated. A few things… have to happen first, and maybe not everything happened in the right order. Piece by piece, we’re getting our ducks in a row, but thanks to a few folks:

• @DuncSmith and @ms-tng for calling out the SonarCloud GitHub Action and SonarCloud Bitbucket Pipe

• @grassrab, @martinlk, @YvesR, @Zenuka and @Jason_Donnell for their feedback on the Azure DevOps Extension

• There seem to be some users experiencing an issue with the newest version of the Scanner, particularly when the scanner tries to execute other programs. Thanks @Gilthoniel, @ZoranIlievski, @xavi, @jrouwe and @Jonathan_Schweikhart for the reports. There’s even a community pull request that has been prepared (with a workaround in the comments) – hopefully we can sort this out soon

Thanks!

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products. Two special thanks this week:

• Thanks to @mkon for helping out on this thread about the import of coverage reports for Ruby

• Thanks to already mentioned Community Hero @Rebse gave some extensive advice to another user about how to upgrade. Thanks as always for your help <3

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

@Colin & @ganncamp