Hi all,
I’m posting the roundup today because @Colin is off to celebrate Swiss National Day, the anniversary of the day in 1291 that the first three Swiss cantons swore the oath of confederation. So - assuming you can stand it in the summer heat - raise a fondue fork tonight in toast to the Swiss! (Personally, I’ll be having watermelon. 
)
And in the meantime, like every week, we’d like to take a beat to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback that drives continuous improvement.
SonarQube Server & SonarQube Community Build:
-
@dstein encountered a NullPointerException while developing custom COBOL rules with an utterly unhelpful error message. We’ve committed to improving the logs with SONARCOBOL-1766. Thanks for helping us improve the custom rules developer experience!
-
@stellacruzz helped us notice that our upgrade notes for SonarQube Community Build 25.1 say support for Postgres 11 was dropped but are silent about Postgres 12. We’ll fix that documentation gap.
-
@ChristophS78 gave us a nudge about missing multi-module JaCoCo coverage reporting documentation for Gradle. We’ll make sure it’s added. Thanks for highlighting what’s missing!
-
@MarekZajicek tripped over some logs that implied the scanner was looking in the wrong place for JaCoCo coverage files. We created JACOCO-34 to improve these misleading logs. Thanks for the report!
-
@slamster inspired us to check disk space before Elasticsearch fails to start, rather than after. For that proactive improvement, we created SONAR-25632. Thanks for the inspiration!
SonarQube Cloud:
-
@Rus1an battled an OOM error during file preprocessing that persisted despite increasing system resources. After weeks of troubleshooting, we’ve identified that scanner preprocessing shouldn’t visit directories where all files will be excluded. We want to work on this soon! Thanks for sticking with us through the investigation.
-
@jcsawyer encountered the cryptic error “Project or branch does not match the project or branch under which it was submitted” - turns out this accounts for over 50% of uncaught errors in the report processor! Thanks for being the straw that broke the camel’s back) and inspiring us to improve this.
-
@csteague7, @Craig-G-NZ, and @domi413 reported 422 errors when trying to set up new projects from re-keyed GitHub organizations. A rollback fixed it. Thanks for the reports!
-
Fixing that issue unfortunately caused an issue with creating projects configured as part of a monorepo. Thanks @DemvSteinbrink and @EZ-Daniel-Phillips for the reports. It’s fixed now!
-
Null characters in SCM data caused big problems for report processing. Thanks to @traharp, @JRa, @MartinReina, @AdriaanKNW, @david.collins, @jacob, @tk30, @emilt, @khepi.allen, @Sundy, and @RodrigoE92 for the reports. All these data points helped us figure out how to fix the issue.
Rule & Language Improvements:
-
@Corniel proposed two excellent security-focused rules: preferring System.Threading.Lock over object for .NET 9+ lock statements, and detecting conflicting [AllowAnonymous] and [Authorize] attributes. Both were added to the backlog. Great contributions to security!
-
@bdovaz reported false positives with rule S2699 when using Roslyn Analyzers test framework, where RunAsync() is itself the assertion. We’ve filed a ticket to improve this behavior. Thanks for the detailed report!
-
@Rishab.Sharma’s analysis failed with a cryptic “Cannot read properties of undefined” error. The issue was the NodeJS version in the scanner environment, but we think we can do better to prevent users from facing this. JS-827 will improve the experience. Thanks!
-
@habutre provided a code sample showing our newest Design & Architecture rules still have false positives related to annotation value parameters. We’re on it - thanks for the concrete example!
Thank you again to everyone mentioned — and to those we may have missed — for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann