Happy New Year! 
Wishing you and your loved ones all the best for 2024.
We took a few weeks off of during our yearly review (as we spent time with our loved ones), so buckle in for 3 weeks of “thanks”. Sorry if we missed anyone!
By the way, next week Sonar is having our annual off-site (in a secret location), which means we won’t be as active next week. Thanks for your understanding.
Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.
SonarQube:
-
A post from @Simon.Greter has encouraged us to investigate how we can better automate coverage import for .NET projects on Linux machines, and how we can improve our existing documentation. This work is being tracked at SonarSource/sonar-scanner-msbuild #1813 (and kudos to SonarSourcer @antonio.aversa for providing a workaround in the meantime) Thanks!
-
@almeydajuan89 has pushed us a little closer to Gradle 9 support by reporting some deprecations that need to be addressed, and they will be with SONARGRADL-135!
-
SonarQube v10.3 is having a hard time serving font files on instances with
sonar.web.contextset. Thanks @null for the report. This issue will be fixed in v10.4 with SONAR-21369. -
Specific annotations are required when using the SonarQube Helm Chart with an AWS load balancer. Thanks for the tip @Andy_Rudeseal, we’ll document this in the context of SONAR-21349!
-
We plan to make our logging for .NET code coverage more clear after a push from @ethantanen. Track this work at SonarSource/sonar-dotnet #8503
SonarCloud:
-
@Maxim_Nikolaev reported that in Bitbucket Cloud, not all projects are being shown in the SonarCloud widget like expected. This turned out to be to be a bug on our side, and a fix has already been deployed! Thanks a lot.
-
A recently deployed version of our Javascript/Typescript analyzer is getting resource-hungry when gathering available dependencies. Thanks for helping us track this down @Thai_Nguyen. SonarSource/SonarJS #4490
-
Thanks @nikita-credable for bringing up a confusing user experience when viewing an organization’s default Quality Gate. We’ve raised an internal ticket to set this right.
SonarLint:
-
@droumanet reported trouble using SonarLint with a flatpak distribution of VS Code. Thanks for reporting back with what finally helped you overcome this.
-
You may not know that there’s a flavor of SonarLint available for IBM Developer for z/OS, specifically to help users analyze COBOL code. This is the result of a collaboration with IBM some years ago. Some work needed to be done on the IBM side to keep this integration working, and that’s done now – thanks for @ellianmg1, @victorm and @lydiaw for pushing on this topic!
Rule Improvements:
-
java:S6395is raising a false-positive on flag-setting groups as reported by @ivaniesta14. We’ll fix this with SONARJAVA-4744. Thanks! -
python:S6542is raising false-positives on re-exported/imported overrides. Thanks for the report @bers, and here’s the ticket where we’ll work on this: SONARPY-1598 -
@posuhov pointed out that there’s an exception to
java:S1068that isn’t being documented. We’ll updat the description! -
python:S5655isn’t taking into account that a boolean is easily converted to a float – at least, it isn’t for a little while longer thanks to another report from @bers. SONARPY-1600 -
c:S6069has a confusing false-negative as the result of an exception when usingsnprintf. We’ll fix that with CPP-4901! Thanks @zhangjiuwang! -
csharpsquid:S3878is raising a false-positive when the input array is a collection expression with spread operator. Thanks for the report @ehonda! SonarSource/sonar-dotnet #8510
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
Colin, @ganncamp, and @leith.darawsheh