Hey everyone!
Another busy week in the Sonar Community – @Colin was in Bilbao for this year’s Open Source Summit!
Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.
SonarQube:
- Thanks to @reitzmichnicht for letting us know that the latest version of jborgers/sonar-pmd doesn’t appear to be compatible with the latest versions of SonarQube. We’ve updated the Marketplace so that the Plugin Version Matrix reflects reality.
- Thanks @AMG for keeping us up-to-date with how they fixed their SAML configuration! Hopefully the next user who faces the same issue finds your post.
- @binaryfire was gracious enough to provide insight into how his organization automates container updates for almost all development services. SonarQube is the lone holdout, and we’ve created a portal card to track interest in this feature.
- Sometimes it’s hard to get started with analysis. Different environments need different tweaks to get going, and @colinleroy earned the Samaritan badge when he shared how he handled a permissions problem with Node.js.
SonarCloud:
- We very much regret an incident earlier this week that prevented Azure DevOps repos from being decorated with the Quality Gate (often required to be populated before being able to merge a PR). We were finally able to address it – but we just want to say sorry, again, and thank all the users who reported it to us (@anjuchaudhari, @Joao_Miziara, @groogiam, @Ken_Vanderbeken, @Tcube, @Omprakash_Lodhi, @mw_maistro, @neilcampbe11, @thisispaulsmith, @linkessgit, @ElRoberto, @pconnor, @paras, @sajag-incubyte, @Joan_Miralles, @WilvanBil, @entropic, @markbowler, @andressantos10, @bsmiquelini, @mmonteirocl, @Klug, @fechy, @pmrotule, @flo-dup, @pshilviu, @rwood-Cert, @AWagen, @vossen, @newlight77, @atedsimple, @Ioan_Armenean, @Osvaldo, @rohinz, @Akash_Grover, @sajag-incubyte, @Clement_Sorano, @TScamell, @soydachi, @anjuchaudhari, @dl2023, and no doubt others).
- It turns out that Quality Gate thresholds can be set to some unexpected values – although I’m sure we can all imagine someone on our team suggesting 100% Code Coverage isn’t enough. We’ve created a bug ticket to fix this. Thanks @mmtn!
- @protoshadowmaker and our very own @Margarita_Nedzelska have been discussing an issue with analyzing Android code and targeting Java 11 source compatibility (a requirement of Gradle 8+). Finally we found some resolution.
- This week we introduced support for analyzing .razor files in SonarCloud (coming to SonarQube soon) – @pascalberger let us know that the new issues being raised can’t be suppressed in code. We’ll work on that with SonarSource/sonar-dotnet #8050. Thanks for the report!
- Thanks @msedi for this report about invalid paths during .NET analysis. We created SonarSource/sonar-scanner-msbuild #1690 to do a better job validating/logging these paths.
- Speaking of file paths, @uda experienced an issue with Japanese characters in the git diff-ish command that SonarCloud uses to collect changed lines of changed files for analysis. Thanks for the step-by-step workaround you posted – we’re going to get this added to our troubleshooting documentation!
SonarLint:
- There has been a rather “hidden” setting for JavaScript/TypeScript analysis in SonarLint that affects how a subset of rules (using TypeScript’s compiler) perform. You can read more about it here in @greg_ya’s thread (thanks for the report!) – long story short, we are going to improve logging and documentation. See SonarSource/SonarJS #4186 and SonarSource/SonarJS #4190.
- @Anusha_jesuraj shared his struggles getting test rules executed in SonarLint, which led to SLE-732, to allow test file glob patterns to be specified at the project level.
Rule Improvements:
- Thanks @Bitwise_DEVS for your report about kotlin:S6516 – we agree there should be an exception from this rule when the this argument is used in the function. SONARKT-361
- It’s important to receive reports even for known false-positives, as they help us assess priority and give us more code samples to validate our fix against. Thanks @Velociraptor45 for adding your voice to SonarSource/sonar-dotnet #5338!
- @m-gallesio and @ttphan reported two issues with csharpsquid:S2583, helping us create SonarSource/sonar-dotnet #8027 and SonarSource/sonar-dotnet #8028. Thanks!
- Thanks @Criban for the report about css:S4662 – we’re going to add an exception for @container as you suggested: SonarSource/SonarJS #4183
- Thanks @KUGA2 for working with our developers through a false-positive on cpp:S109 – we’ve created CPP-4714 to handle magic numbers used in implicit AST nodes.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
Colin, @ganncamp and @leith.darawsheh