Sonar Community Highlights, September 23 - September 29

Hey everyone!

Another busy week in the Sonar Community!

Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.

SonarQube:

• SonarQube v10.1 and v9.9.2 are causing an issue with proxy authentication. This was brought to our attention by @kbolivard, @ptschi, and @LOIC_BOURGEOIS. Thanks for the reports – we’ll fix this with SONAR-20540.

• There’s an issue in SonarQube with importing Rubocop reports. Thanks for the report @a.stalitza. We’ll fix this with SONARSLANG-624!

• @daniel reported a small typo. We appreciate it <3. And it will get fixed in SonarQube 10.3.

• @FredericS brought to our attention a documentation improvement about which branch needs to be analyzed to change the project name. Thanks for the help!

• Kudos to @anon67236913 for pointing out a broken link to some documentation in the SonarQube UI. SONAR-20606

• @Narfix showed us that the Quality Gate icon doesn’t get refreshed when analysis results are updated. Thanks! We’ll work on that with SONAR-20603.

• @Narfix also gave us some valuable feedback about looking for tokens in the SonarQube UI. Great ideas! SONAR-20605

• SonarQube is having trouble starting against certain Java distributions. Thanks for the note @ass4.

• Monorepo support is a feature of Enterprise Edition+, but no single documentation page covers this feature (it’s spread out over all the DevOps Platforms Integration). We’ll work on this. Thanks @KUGA2 for your post.

• Our C and C++ analysis is stalling when fakeroot gets used, as reported by @anushasandeep! Thanks for the report – here is the bug ticket. CPP-4724

SonarCloud:

• Big thanks to @RHCertara for reporting an issue on SonarCloud shortly after we deployed a change. We were able to revert it right away. Your clear and rapid communication was invaluable.

• A number of you began to report that the Bitbucket Integration for SonarCloud wasn’t working quite right with Safari. We got this fixed this week. Thanks for the reports @sgregresen, @dillan-mt, @zaq42, and @BlasOrtellado!

• Myself, @Claire_Villard, and @anita.stanisz have been troubleshooting a coverage issue for weeks. Seems like SonarCloud is overestimating estimated coverage when importing coverage from XCode. Thanks @GeekOnIce for the report and all your help reproducing the issue. It’s in the backlog now.

• Analysis is failing in a few cases for specific Java code (read about it more in SONARJAVA-4617). Thanks for the report @ozzi.

SonarLint:

• Thanks @kazuhiro-nishimura for reporting that when non-Latin characters are used, SonarLint isn’t… squiggling correctly. SonarSource/sonarlint-visualstudio #4911

Rule Improvements:

• Thanks @SRenick for making us aware of a limitation with our C and C++ analyzer where our analysis only onsiders a single translation unit at a time. This can lead to some false-positives. Unfortunately this is not an easy issue to fix, but now we can track the issue at CPP-4723.

• Thanks @vtintillier for reporting an issue with java:S3824 where Map.containsKey cannot be replaced as the rule suggests. This improvement can be tracked at SONARJAVA-4613.

• Kudos to @sball for raising this issue about java:S1143 where an issue is getting raised when a return statement is inside a lambda expression in a Finally block. This will get worked on with SONARJAVA-4619!

• @Arthur-Robinson reported an issue with csharpsquid:S2583 where an is raised when there is comparison to a constant. Thanks for the report Arthur! This issue can be tracked at SonarSource/sonar-dotnet #8080.

• Thanks @mfroehlich for pointing out that the issue message on java:s1943 is misleading. SONARJAVA-4620

• Thanks @bzadelhoff for noting that java:s5683 doesn’t support AssertJ soft assertions. We’ll work on that with SONARJAVA-4616

• Seems like java:S3749 is throwing some FPs when Springboot users migrate to using jakarta.annotation.Resource. Thanks for the note @anon67236913, following along at SONARJAVA-4612.

• Thanks @tom_hysopt.com for your feedback on java:S3655 (a false-negative when control flow breaks before callpoint), helping us create SONARJAVA-4611.

• Our goal is to support SASS syntax after a report from @jraez. Thanks Jerome! SonarSource/SonarJS #4221

• Shoutout to @Belle for your feedback on java:S2974, where we discovered we need to make an exception for lombok.NoArgsConstructor and lombok.AllArgsConstructor. SONARJAVA-4614

• We need to add vitest to our list of supported libraries for javascript:S2699 after a report from @HugoMercierYuc and @pascalgrimaud. Thanks y’all! SonarSource/SonarJS #4195

The Samaritan badge is awarded to users whose first-ever post in the community is intended to help someone else, and we welcomed two new Samaritans to the community this week. @sonar007 shared his favorite JSON validator in a thread about crafting a correctly-formatted Generic Issues report, and @njj1006312908 shared pointers for importing ESLint issues.

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

@Colin, @ganncamp and @leith.darawsheh