Hello Sonar Community!
It’s a pleasure to see some more activity in our Community this week! Finally, our canicule in Switzerland is starting to break.
I’m an American who grew up with air conditioning in every room. It’s a struggle. Whatever sleep I lose at night because of the heat, I gain by remembering my improved carbon footprint. At least, that’s what I tell myself.
We’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube:
- When using SCIM, deactivating a user causes them to lose their group membership, which is not restored when the user is reactivated. Thanks @Dominique for your detailed description of the issue, helping us create SONAR-22789!
- SonarQube’s Web API documentation for GET /api/v2/users-management/users states that an exact match can be performed when using the q parameter, which is not true (only a partial match can be performed). We will fix the documentation with SONAR-22785. Thanks for helping us find this @andi.
- We don’t advise that users grant Anyone the Execute Analysis permission, especially if your SonarQube instance doesn’t require authorization. That being said, it should work if you configure it that way (I often do for my local testing instance) and it wasn’t working for the Scanner for NPM. Thanks @gian1200. SCANNPM-42
- @Tuxedo pointed out an inaccuracy in our documentation on LDAP authentication that referred to an ability to fall back to local authentication that hasn’t existed for a long time. We’ll fix that reference. Thanks!
- With the new version of the SonarScanner CLI, files with special characters fail scans that were previously working. Kudos to @Dennis_DECA for catching this. SCANDOCKER-40
- sonarqube-scan-action is no longer handling custom certificates well. Thanks for the reports @jtaylor and @deeninetyone! For now we’ve pinned master to an old version while we fix it for real with SQSCANGHA-44.
SonarLint:
- Remote toolchains aren’t working correctly to analyze C/C++ code on CLion 2024.1+ (a flavor of IntelliJ). Thanks for the report @ToWeShs. SLI-1545
Rule & Language Improvements:
- Short-circuiting and null coalescing should not cause an increase in Cognitive Complexity for JavaScript/TypeScript code. Thanks for the great point @Fei! JS-272
- java:S1144 is raising a false-positive if a private method is referenced by the org.junit.jupiter.params.provider.MethodSource annotation without arguments. Thanks @kim.martin! SONARJAVA-5099
- cpp:S836 raises a false-positive when a destructure-bound value is captured and used in a lambda function, as reported by @guhwan.bae! We’re already tracking this at CPP-5405 and it’s always good to have additional reproducers (it makes sure we fix the issue correctly).
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@Colin, @ganncamp, and @leith.darawsheh