Hello Sonar Community!
What a week – we released SonarQube v10.4 with one of the coolest features folks have been waiting on for a while: Pull requests will now show issues that will be fixed by the merge.
While SonarLint already gives developers instant feedback when fixing an issue, this will allow other reviewers to see your hard work as well. This also fills in the gaps on languages/rules/IDEs not supported by SonarLint!
Okay, enough geeking out–or is it only the start? Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.
SonarQube:
- This week we released SonarQube v10.4 - with the ability to automatically provision and sync Users and Groups from GitLab! While doing so, we introduced a bug where the application on GitLab started to require more permissions than before. We’ve updated the documentation to reflect this and we’ll ultimately fix the bug with SONAR-21589. Thanks for the heads-up @Modjo, @Alireza_mh, @Mohsen, and @Manuel_Lazzari!
- At Sonar, we’ve been changing around access to our internal package registry (to stop allowing anonymous access) and it has caused a few disruptions. This week @stefanoviv discovered the package-lock.json of open source SonarSource/SonarJS still contained references to the private repo. We fixed that already!
- We also announced a new version of SonarSource/orchestrator to handle this change as well, and @felipebz found a bug in determining the latest version of SonarQube. Thanks!
- @ld_singh was misled by logs that security analysis hadn’t fully completed, when really it had. We’ve created an internal ticket to improve this.
SonarCloud:
- When analyzing a pull request, SonarCloud can use a cache of the target branch to speed up the analysis. But what happens when you force a branch analysis on a pull request (when the pull request closes, for example)? @Jordi-Pineiro found out and it led to really wonky analysis results. We’ll fix this with SonarSource/sonar-scanner-msbuild #8170
Rule & Language Improvements:
- Thanks @bers for updating us about a change to the well-known Python formatter black, specifically about how dummy class and function implementations (stubs) are formatted. We’ll align with SONARPY-1635.
- Kudos to @phommy for pointing out a false-positive on java:S3242 where the suggested fix would break compilation. SONARJAVA-4835
- @SSC found a bug in C and C++ analysis that occurs only when using certain locales. A workaround is mentioned in the thread, but we’ll fix it long-term with CPP-4949. Thanks!
In other Community news, @daniel happened to come across our intern’s website from last year and gave some kudos. It’s true – every year at SonarSource a bunch of French teenagers invade the office to be led by @JBL_SonarSource and learn about what we do! We’ll have our next cohort soon.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
Colin, @ganncamp, and @leith.darawsheh