Hey everyone!
Another busy week in the Sonar Community – and in the broader world of Sonar. This week we announced that Tariq Shaukat has joined Sonar as co-CEO! Ann and I are also happy to welcome @leith.darawsheh as a new member of the Community Team at Sonar.
Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.
SonarQube:
- Thanks @krmichelos for reporting an issue with SonarSource/helm-chart-sonarqube where helm test wasn’t working out of the box. We fixed this with SonarQube v9.9.2 and v8.0.2 of the Helm Chart in the context of SONAR-20407.
- The latest version of SonarQube lets users import Cobertura coverage reports for C and C++ code. @tjnashq is an early adopter of this feature and while everything worked, there were tons of warnings in the logs. We’ll work on this in CPP-4693. Thanks for the report!
- @Camal uses the co.uzzu.dotenv.gradle plugin to manage settings for their Gradle project which is causing issues when trying to execute rules against build.gradle.kts files. This report led to SONARGRADL-311 – thanks!
- So far @ryanc1234 and @Narfix have given us feedback on SonarQube’s new UI – specifically that they want to see a dark mode. Join the conversation here.
SonarCloud:
- Back in July, @juanvibolufer told us that certain API calls mixing rule keys with dots and others without was causing 403s to be returned from SonarCloud. That’s fixed now. Thanks!
- @sunk spent some time following documentation about New Code Periods that was just… wrong. Sorry for the inconvenience, the documentation is already fixed.
- @lrozenblyum saw some unexpected paths in their analysis logs from a branch they weren’t even analyzing. Turns out this was completely normal (the paths came from a cache stored on SonarCloud), but we’ll still do some work to make this less noisy (internal ticket created).
SonarLint:
- @Bart_Adriaanse, @Tagir_Valeev, and @internetstaff reported that a change in SonarLint for IntelliJ v8.5 was polluting .iml files with unnecessary modifications. We suggest users downgrade if they need to and wait for the next release (SLI-1106). Thanks a lot for the feedback.
New Rules:
There’s a category in our Community to suggest new rules – but we admit that it’s not super active. Thanks @mfroehlich for suggesting a brand new rule to simplify checks for empty/non-empty and blank/non-blank strings! We’ll implement it first for Java and Kotlin – see SONARJAVA-4606 and SONARKT-360!
Rule Improvements:
Java
- Thanks to @Dave562 for some false-positive reports about javasecurity:S6096 which pointed to a gap in our support of the java.nio.file.Path API. We’ve created an internal ticket to address this!
- @daniel let us know about a typo in the compliant solution of java:S1774. A fix is already merged. Thanks!
- Not only suggesting new rules, @mfroehlich keeps on giving us feedback for our Java rules! It’s really appreciated – and we’ll work on the rule description for java:S1226 soon.
- @Thomas_Mauch offered a (beautifully formatted) false-positive report on java:S1989, where issues were being raised on methods not part of the HttpServlet API. SONARJAVA-4603
- @gillesB rightfully pointed out that java:S2222 is too strict. We’ll work on this with SONARJAVA-4604 – thanks for the report!
Other
- Thanks to @m-gallesio for their FP report on csharpsquid:S6580 when DateTimeStyles.RoundtripKind is used, leading to SonarSource/sonar-dotnet #8004
- Ruby v3.2 support is coming, we promise (SONARSLANG-614). Thanks for asking @J_Smith!
- @felipebz called out a false-positive for kotlin:S6514 where the suggested fix wouldn’t even compile. We now know not to raise an issue when the delegate is dynamic and we’ll fix that with SONARKT-359. Thanks!
- c:S4423 is raising an issue on already secure code. Thanks for the report @pauldreikneti, we’ll fix it with CPP-4692.
- @jerone had an interesting discussion with PM @gab about typescript:S5869 (removing duplicate character classes in regex). Ultimately the rule was correct, but the rule description could be improved. SonarSource/SonarJS #4156
- @tbadalov shared how he solved a problem passing analysis parameters on Windows, earning him the Samaritan badge.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
Colin, @ganncamp and @leith.darawsheh