Hi all,
I’ll be in Sydney next week for the SonarQube World Tour! If by chance you’re reading these roundups and are in Sydney (a rare combination, I know), please come say hi!
As always, we want to recognize those who spark interesting discussions and provide valuable feedback to drive continuous improvement.
SonarQube Server & SonarQube Community Build:
-
@Pavan_kumar_Nimmagad identified that the GET /api/issues/search endpoint doesn’t behave as expected when multiple
componentKeys
are used with thebranch
parameter. We’ll address this with SONAR-25553. -
@aravindnss spotted an empty bullet point in the Bitbucket integration documentation. The team published a fix right away—thank you for your attention to detail and your kind feedback!
SonarQube for IDE:
- @wolfgang_hafelinger encountered several issues with SonarQube for IntelliJ. After extensive troubleshooting, we created SLCORE-1011 to provide better feedback to users when synchronization fails.
Rule & Language Improvements:
-
@VeryPaul reported that rule csharpsquid:S1905 incorrectly flags necessary casts in ambiguous constructor overloads. The cast is needed to clarify between generic and non-generic parameters. We’ve opened a ticket to address this false positive. Thank you for the clear reproduction!
-
@mfroehlich reported that rule
java:S2441
doesn’t recognize serializable records when they’re added to session attributes if theSerializable
interface isn’t available during analysis. We’ve confirmed this false positive and created SONARJAVA-5697. Thank you for bringing this to our attention! -
@lorenzo.buzzi found that rule c:S923 doesn’t account for the
__attribute__((format (printf, 6, 7)))
compiler directive, which enables type checking for variadic functions. The team agreed to exclude properly annotated functions from this rule and created CPP-6680. -
@luc_vermeiren requested a rule to flag dependencies on regional settings in C++ server code, where consistency is crucial. We’re investigating this further with CPP-6686.
-
@stmader suggested a rule to detect potential thread-safety issues in singleton classes with instance variables, especially for Jakarta EE
@ApplicationScoped
beans. We’ve opened SONARJAVA-5700 to pursue this. -
@csmith-weavix and @lucasjvw both encountered
1 is not a valid line offset
errors from Sonar’s Design and Architecture analyzer caused by empty first lines in files. The fix is already in place and will appear in SonarQube Server 2025.4. Thanks for helping us resolve this edge case!
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions to making the community stronger and helping us improve Sonar products.
If you’d like to recognize someone, whether a community member or a SonarSourcer who supported you, please do so below. If you have a suggestion for next week’s shout-out, let us know!