Sonar Community Highlights, October 7 - October 13

Hi all,

I hope this spooky October, Friday the 13th :ghost: is finding you well. At Sonar we have a tradition of changing our Slack handles to something Halloween-related in October. Last week I was “bANNshee”. I’m currently masquerading as “frAnnKenstein”, and hope to get scarier as the month progresses. Colin, who was out this week, is too cool for that, but Leith jumped onboard with “Leith DRACULA”. :smiling_imp: Do you do anything for Halloween at work? :zombie:

And now, on to the highlights! It’s been yet another busy week in the Sonar Community! Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.


  • @Carsten_HB, @yevhenhnes and @romanb52 reported problems with issue status [1] [2] and Security Hotspot resolution flickering back and forth from Open to Closed with each subsequent analysis, and @sheilemann earned the Samaritan badge chiming in to help! This is actually a long-standing but elusive problem. Thanks to these reports, we’ve now created SONAR-20695 to gather details and hopefully, eventually track this down and fix it. If you’ve seen these behaviors yourself, please don’t hesitate to chime in!

  • We’ve made significant efforts over the last few years to make our products more accessible, but there are still things we miss. @kirkpabk was kind enough to raise the fact that the announcement message doesn’t quite hit the mark, resulting in SONAR-20692.

  • @nkojuharov found a bug in the license usage reporting after manual deletion of branches. SONAR-20733 will fix it.

  • Thanks to @Adrian_Garcia_Gonzal for noticing that if you use sonar.web.context in SonarQube 10.2, images don’t load in the Marketplace. SONAR-20728 is slated for a 10.3 fix.

  • @andrew-garland reported that when you “Test Configuration” for GitHub integration, it will come back as correctly configured even if your secret key is wrong. SONAR-20741 will fix it.


  • Some of our users with a lot of projects were experiencing timeouts when adding monorepo projects in SonarCloud. @Marcus_Soo helped us find that, and we’re working on a fix.

  • While we have partial support for Git submodules in SonarQube, @ealmeida brought it to our attention that there isn’t any for SonarCloud, so we’ve added a ticket to the backlog for that.


  • We’ve put a lot of effort into our rule descriptions and example code, but that doesn’t do any good if you can’t read them. @JakeAtON reported a problem viewing the Noncompliant Code Example in SonarLint, which resulted in SLI-1127.

  • @bers noted that we’re showing some misleading curly braces in the VS Code settings editor. SLVSCODE-592 will fix it.


Rule / language improvements

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

Ann :troll: , @colin & @leith.darawsheh :vampire: