Hey all!
We’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Server:
- Thanks to @grzegorz.sobanski for reporting a problem with the GET api/systems/upgrade endpoint in SonarQube Server 10.8. It’s serious enough that it will get fixed in an upcoming patch release (10.8.1). SONAR-23954
SonarQube for IDE:
- csharpsquid:S6932 suffers from a bug in the Roslyn compiler that prevents it from being raised in SonarQube for IDE. Thanks to the excellent reproducer provided by @Lutti1988, we will open a bug with the Roslyn compiler.
Rule & Languages Improvements:
- @to-s reported that on December 4th, their Python analysis started getting stuck. It turns out we did deploy a change around then to our advanced bug detection engine that affected cyclic-type relations. Thanks for the report – a fix will be deployed to SonarQube Cloud soon (if it hasn’t been already)!
- @Victor_Ciresica asked for help marking parameters annotated with @RestQuery as sources for injection vulnerability detection. We helped him figure out how to do that, and will incorporate this as default configuration in a future release. Thanks!
- javascript:S6759 currently crashes when return is used outside of a function. Thanks @ej612! JS-487
- php:S1481 should handle closure scopes correctly. Thanks @mx-jhinz! SONARPHP-1593
Scanners:
- We are going to make it explicit in the documentation for the SonarScanner for NPM that it supports NO_PROXY. Thanks for the feedback @atletokle! SCANNPM-61
- @grine4ka let us know that external contributors couldn’t build the SonarScanner for Gradle from its repo. SCANGRADLE-192 is already merged. Happy compiling!
- The latest version of the SonarQube Scan GitHub Action needs to account for instances where a self-hosted runner doesn’t have keytool available to handle certs. SQSCANGHA-56 has been included in v4.1.0 of the action, and some further conversation improved our documentation on the matter. This is all thanks to @higgs01!
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.