Hi all,
Valentine’s Day is tomorrow, and we’re feeling the love from this community!
It was a busy week with a great mix of bug reports, false positive catches, and feature discussions that are driving real improvements across all the products in the ecosystem.
And now, like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback to drive continuous improvement in our products.
SonarQube Cloud:
- @Appquestduke and @jfernandez-wealthrea hit an error in analysis that they thought was on our side. It turns out to be coming from GitHub instead, but we’ve added it to our docs anyway to help future users.
SonarQube Server / SonarQube Community Build:
- @ivandalbosco reported that the Rule actions for profile menu was hidden when the parameters column content is too wide. SONAR-27043.
- @Scott and @Gabriel_Cuadros_Caceres reported that building SonarQube from source was failing due to a missing sonar-spring dependency. The artifact has since been promoted. Thanks!
- @Fabrizio.Mancin ran into a chicken-and-egg problem switching main branches from “develop” to “master.” The solution was to run an analysis with sonar.branch.name=master specified manually to create the branch in SonarQube first, then switch it to the default. We’re going to make sure this is clear in the docs going forward.
Scanners:
- @afandian reported that exclusions configured via pyproject.toml don’t work in pysonar, contrary to what you would think from the docs. We’ll get the docs fixed.
Rules & Languages Improvements:
- @RiversJohn reported a false positive in RSPEC-127 where variables declared in a for loop’s initialization but not used in the stop condition were incorrectly flagged. We’ve created a ticket internally.
- @Jmanom requested updating rule java:S1166 for unnamed variables (JEP 456), which we did. And then he pointed out that we hadn’t done it right. Thanks! SONARJAVA-6126
- @Corniel flagged that Roslyn analyzer URLs pointing to rules.sonarsource.com are broken following the site’s decommissioning. The fix will be included in the next analyzer release.
- @bartzick reported that datatype sizes are incorrect for C2000 target architectures where the minimum addressable unit is 16 bits. We had a ticket for that already, CPP-3622, to which we’ve added this valuable case.
- @vc-jl identified a false positive in rubydre:S7905 where ApplicationController < ActionController::Base was incorrectly flagged. A fix is planned for the next release.
- @1337_Nerd reported that the RPG parser fails on enum declarations. A fix has been confirmed and will be included in the next release.
- @timo-a reported a false positive on S6207 for overridden getters of records. We already had a ticket for that, but we’ve bumped its priority. SONARJAVA-5985.
- @andre-ss6 reported a false positive in S125 when comments end with a semicolon. This is a tough one since that rule operates on a heuristic, but we’re going to try to make it better.
- @Carsten_HB and @oliver.s started a great discussion around defining custom rules for Node.js build tools to enforce centralized package manager configurations and prevent supply chain attacks. We’re exploring built-in support for this.
Thanks again to everyone mentioned here - and to anyone we may have missed - for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann