Hello Sonar Community!

We’re happy to be back. Thanks for bearing with us after a week away. It feels good to be back – what does Dorothy say in the Wizard of Oz? There’s no place like home…

2023: The Year in Review

Take a look at our 2023 year in review and see who the most engaged users of the Sonar Community were, and what were the hottest topics. For those of you made it into the overall stats for 2023’s top users– keep an eye out for a new badge honoring your inclusion. Update: the badge has been awarded!

Now onto our regular show. Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.

SonarQube:

• Thanks @eliassal for asking about some warning messages on SonarQube startup. We should kill the noise and suppress those, and we’ll do that with SONAR-21431.

• Trusty @Jos_Abrahams reported a crash with our COBOL analyzer that we’ll investigate with SONARCOBOL-1693. Thanks!

SonarCloud:

• @sensslen came across a very interesting false-positive that only occurs when using Automatic Analysis for .NET code. This was a very important find that we’ll tackle soon.

• We experienced an issue with SonarCloud on Wednesday related to having Node.JS installed in the scanner environment. Thanks for the reports @patrickvol, @bartgommers, @MarkEQ, @faheemgani, @sithmein, and @AlexJulita. We reverted the change and are taking a step back.

SonarLint:

• @Aaa reported a UI freeze in SonarLint for IntelliJ that was ultimately caused by the slow loading of a keystore. This report helped us file an issue with the underlying library. Thanks a lot! SLCORE-669

Rule Improvements:

• Kudos to @yanggaojun101 for pointing out a rather obvious false-positive with java:S6833. We’ll fix that with SONARJAVA-4748.

• Windows file paths are triggering java:S5665, which is leading to false-positives. Thanks for the tip @mwhaycraft. SONARJAVA-4752.

• We’ve recently added support for the Vitest testing library in some of our Javascript/Typescript rules, but we still have some improvements to make. Thanks @ValentinGurkov for pointing out a false-positive in javascript:S2699 when the expect handler is passed through the local test context. SonarSource/SonarJS #4507

• This same rule needs to be updated to accommodate utilizing the Sinon.js API for spying purposes, and the Jest assertion API, as reported by @HugoMercierYuc and @ken.bak. Thanks! SonarSource/SonarJS #4506

• Server Side Includes should be ignored by Web:WhiteSpaceAroundCheck as suggested by @fassen. Thanks! SONARHTML-187

• Shoutout to @mfroehlich for reporting an issue with java:S1170 when the field is used in a non-static member (a false-positive is raised). SONARJAVA-4749

• @Herschdorfer brought to our attention some improvements that need to be made to c:S3949, which are documented in CPP-4305. Thanks a lot!

Finally, the Samaritan badge is awarded to users whose first post is made to help others. We’d like to welcome and thank again: @jain-ranjith, @Vidsha_Rupani, @ThomasVThomas, @Osvaldo_Robles, @chaudharysurya14, @dumch, and @Panagiotis_Tsiakos, who have all been awarded the badge since the first of the year.

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

Colin, @ganncamp, and @leith.darawsheh