Hello Sonar Community!
Our little Community was featured on Discourse’s Blog this week. Give it a read if you want to learn about how we battle spam in this Community!
We’re grateful for the feedback (not spam) we’ve gotten this week, and for every time you give us feedback. So like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Server & SonarQube Community Build:
-
@guwirth pointed out that the API version isn’t documented for SonarQube Server 2025.1 LTA. We’re on it!
-
In the shuffle of product and versioning changes, we messed up the Marketplace upgrade-available notification for older versions of Community. Thanks @lg2de! It’s already fixed.
-
@Jaka_Luthar stumbled across the need for a Postgres upgrade before he could jump from 10.5 to 10.8.1. He shouldn’t have had to do that. We’ll get the docs updated.
SonarQube Cloud:
- While browsing a project, @fniessink noticed that some filters weren’t working as expected. We could reproduce the issue, which is actually rule-specific (an indexing issue)! A fix is coming. Thanks a lot!
SonarQube for IDE:
- In SonarQube for IntelliJ, null values accidentally get used when searching for a file in a module, leading to an error. Thanks for the report @xaviermarquez-alba! SLI-1822
Rule & Languages improvements:
-
As reported by @SamCristall, C/C++ analysis does not work with NixOS. Thanks for the heads-up—we’ll track traction for this over at CPP-6087!
-
Thanks to @bje and @Lleczycki for suggesting two rules that could strengthen C# analysis – one to do with using nullable variables in arithmetic, and the other to check for Http verbs on all controllers. Both these rules are now under consideration. Thanks!
-
Another rule suggestion – this time from @ChristopheS, to implement a rule that triggers on usage of the
aria-roleattribute. This one’s not just under consideration, we’re going to do it! SONARHTML-289 -
After a bit of hot potato, we realized we’re passing the wrong version to
eslint-plugin-reactwhich supports our JS/TS analysis. Thanks for following through on this one @strider, even raising an issue with the plugin maintainer before we realized it’s all our fault. JS-536 -
java:S1144should not raise an issue on method sources listed in arrays. Thanks @lbenedetto! SONARJAVA-5160 -
Shoutout to @dbrin for bringing to our attention an issue with
plsql:S1192, which is raising issues inside view definitions. So the advice by this rule to define constants and variables doesn’t make sense, because it is not possible to define constants or variables inside Oracle view definitions. SONARPLSQL-886 -
We need to better handle coverage data from LCOV reports that contain relative paths. Now it’s on our to-do list with JS-537! Several folks contributed to this issue report, including @AlejandroSotoCastro, @lop, and @camoiloc. Thanks to all!
-
In PHP you can write
else iforelseifbutphp:S1541only recognizes the former, even though using the latter is a PSR standard. Thanks @njoussem. We’ll get it fixed. -
@t.brix pointed out that while
java:s3749recognizes some annotations, more would be better.
SONARJAVA-5305 -
@janossch doesn’t think
java:S6832should consider classes to be singletons by default. We agree! SONARJAVA-5308 -
java:S2693says threads shouldn’t be started in constructors. And that makes sense. Unless you’re talking about aThreadconstructor.
SONARJAVA-5310
Scanners:
- If a
JAVA_TOOL_OPTIONSenvvar is set, the Azure extension logs that at theERRORlevel, resulting in analysis failure. A number of people have reported this over the last several years: @Arnie, @kirancodify, @cacti77, @jdavis, @yanlend, @tom9k, @AThomsen, @StLi. SONARAZDO-448 will finally fix it.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own shout-outs below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
@colin and Ann