Sonar Community Roundup, July 12 - July 18

Hi all,

I’ll be in Sydney next week for the SonarQube World Tour! If by chance you’re reading these roundups and are in Sydney (a rare combination, I know), please come say hi!

As always, we want to recognize those who spark interesting discussions and provide valuable feedback to drive continuous improvement.

SonarQube Server & SonarQube Community Build:

  • @Pavan_kumar_Nimmagad identified that the GET /api/issues/search endpoint doesn’t behave as expected when multiple componentKeys are used with the branch parameter. We’ll address this with SONAR-25553.

  • @aravindnss spotted an empty bullet point in the Bitbucket integration documentation. The team published a fix right away—thank you for your attention to detail and your kind feedback!

SonarQube for IDE:

Rule & Language Improvements:

  • @VeryPaul reported that rule csharpsquid:S1905 incorrectly flags necessary casts in ambiguous constructor overloads. The cast is needed to clarify between generic and non-generic parameters. We’ve opened a ticket to address this false positive. Thank you for the clear reproduction!

  • @mfroehlich reported that rule java:S2441 doesn’t recognize serializable records when they’re added to session attributes if the Serializable interface isn’t available during analysis. We’ve confirmed this false positive and created SONARJAVA-5697. Thank you for bringing this to our attention!

  • @lorenzo.buzzi found that rule c:S923 doesn’t account for the __attribute__((format (printf, 6, 7))) compiler directive, which enables type checking for variadic functions. The team agreed to exclude properly annotated functions from this rule and created CPP-6680.

  • @luc_vermeiren requested a rule to flag dependencies on regional settings in C++ server code, where consistency is crucial. We’re investigating this further with CPP-6686.

  • @stmader suggested a rule to detect potential thread-safety issues in singleton classes with instance variables, especially for Jakarta EE @ApplicationScoped beans. We’ve opened SONARJAVA-5700 to pursue this.

  • @csmith-weavix and @lucasjvw both encountered 1 is not a valid line offset errors from Sonar’s Design and Architecture analyzer caused by empty first lines in files. The fix is already in place and will appear in SonarQube Server 2025.4. Thanks for helping us resolve this edge case!

Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions to making the community stronger and helping us improve Sonar products.

If you’d like to recognize someone, whether a community member or a SonarSourcer who supported you, please do so below. If you have a suggestion for next week’s shout-out, let us know!

2 Likes