Hello Sonar Community!
It’s been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them. We’re grateful when you take the time to do that, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
Issue with SonarScanner CLI Docker Image
On Tuesday evening, we pushed a bad version of SonarSource/sonar-scanner-cli-docker. Not only was it a bad version, but we overwrote an existing version. Everywhere that used that version broke. We are sorry, and we’re figuring out how to make sure it doesn’t happen again. We can’t thank everyone who reported the issue (across many platforms), but thanks to the participants of this thread: @Alex_Lo, @sveinse, @jrich523, @arrmansa, @viniciusczar, @rafael-loggi, @david-percent, @Tim_Nordloh, @cromerohdz, @ianhgraham-rr, @jwhy89, @vandal, @dsayling, @davidcroda, @rathpc, @mccaffers, @lingfang-zhu, @mattbangert, @Henrique_Oliveira, and @GreyTeardrop
SonarQube:
-
We need to update the instructions for including self-signed certs in SonarScanner CLI Docker Image. Thanks for the report @WilliamMedanoGutshal
-
Thanks @anon67236913 for alerting us that the SonarQube v10.5 docs need an updated reference to the Microsoft SQL JDBC Auth DLL. It’s already fixed!
-
SonarQube v10.5 was released and it turns out there’s a bug in GitLab Authentication. Thanks for the reports @maudin, @gysel, @mcujba, @Modjo, and @freddiN! SONAR-22088 will be delivered in 10.5.1.
-
Thanks @Heorhi for the excellent observation that all rules on rules.sonarsource.com are showing up as available starting in Developer Edition… for most rules, that’s not true. We are working to fix that.
SonarCloud:
-
Kudos to @thomas-jakemeyn for pointing out that the “Accepted Issues” links on SonarCloud project dashboards are pointing to the Accepted Issues on New Code no matter whether you’re browsing New Code or Overall Code. We’ll fix that.
-
And thanks to @lrozenblyum for showing us an example of SonarCloud cutting off metrics in the Activity tab. We’ll fix that too.
-
Thanks @HermannGruber for walking us through an
OutOfMemoryerror. It really makes sense to include troubleshooting steps for this in our Scanner for Maven/Gradle docs. Changes are on the way! -
Using
sonar.qualitygate.wait=trueon the first analysis is misleadingly failing – since the QG of a first analysis is always NONE. We’ll improve the user experience here. Thanks @francescom412!
SonarLint:
- Shoutout to @thomas-k-dev for showing us a missing case when we fixed SLCORE-753. The ticket was reopened and the issue was addressed.
Rule & Languages Improvements:
-
Thanks @Patrice_Scribe for suggesting that S1093 should allow
<li>elements inside<menu>elements. This aligns with the HTML spec, and we’ll fix it with SONARHTML-248! -
@DanielVinkSpotler’s report made us realize that the enabled taint rules for JS/TS are displayed in a non-deterministic order in the logs, which can be confusing, so we’re going to fix that. Thanks!
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@ganncamp, @Colin, and @leith.darawsheh