Hi all,
Were you at SonarSummit this week? We went around the globe with nearly 24 straight hours of content, featuring 6 tracks in 3 time zones.
With so much going on at once it wouldn’t be surprising if you missed a session you wanted to attend. Fortunately, it’s all on YouTube!
And amazingly, even with all that going on, we all still managed to get some work done in addition. So now, like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback to drive continuous improvement in our products.
SonarQube for IDE:
- Copilot opens files outside the workspace when you trigger a review. Since the files are open in the IDE at that point, SonarQube for VS Code analyzes them even though it really shouldn’t. Thanks @hb20007! SLLS-466
- One of the benefits of connected mode is having your team’s settings applied locally. So it’s irritating when your exclusions aren’t applied universally. SonarQube for IntelliJ applies them in some cases, but not all. Thanks @RJRN! SLCORE-2196
SonarQube Cloud
- In a bit of a left-hand/right-hand situation, we accidentally introduced an error message to some users’ analysis logs. Fortunately, it was just ugly, and didn’t actually affect analysis. Thanks for the reports @akumbhar, @kenyoungdispel, @cjakins, @muenchdo. We’re working on it.
SonarQube Server / SonarQube Community Build:
- The regulatory report shouldn’t show a Reliability count when your SonarQube instance isn’t in MQR mode. Thanks @Roald. SONAR-27192
- @Wiebke spotted a regression on the Issues page, which is now cutting off long file paths. SONAR-27210
- It stopped being possible in 26.1 to disable rules in an extended Quality Profile. That wasn’t on purpose, though. Thanks @dbisbos! SONAR-27208
Rules & Languages Improvements:
- When parsing Rust Clippy reports generated from a crate that is part of a Cargo workspace, we don’t match the issue file paths, resulting in no issues being loaded. Thanks @oj502 RUST-115
- @gquerret let us know about a false positive in `java:S5853` when a test includes two consecutive calls to `assertThat` with the same list as an argument but they are chained with calls to the element method. SONARJAVA-6180
- `cpp:S1117` crashes analysis when it hits multiple inheritance. Doh! Thanks @Dismine. We’re on it!
- `csharpsquid:S6664` currently counts TRACE-level logging calls toward the Debug threshold, producing false positive issues. Thanks @ArwynFr. We’ll get it fixed.
- `java:S5852` doesn’t flag the regex pattern `-+$` as vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Well spotted, @KPhi. SONARJAVA-6183
- @mvillanueva let us know about a false positive raised by `java:S4605` when `@SpringBootApplication` is followed by `@ComponentScan`. SONARJAVA-6184
- We had overlooked the fact that dotCover is dropping support for its `.html` report, which is kinda important since that’s the only format we support currently. Thanks @saturnchickenlegcake! We’ve added it to the backlog.
- @Carsten_HB and @oliver.s raised the very pertinent issue of having rules for Node.js build tools (Shai-Hulud, anyone?) Thanks! It’s on the list.
Thanks again to everyone mentioned here - and to anyone we may have missed - for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann