Hey all,
Summer is almost here!
As always, we want to take a moment to recognize everyone who sparked interesting discussions and gave us valuable feedback to drive continuous improvement.
SonarQube Server & Community Build:
- @bojan.stojanovic-LF raised an important concern about Bitbucket’s upcoming deprecation of app passwords and its impact on SonarQube. Thanks to this report we could confirm a workaround and start making sure these changes get reflected in our products. Thanks for the heads-up!
SonarQube Cloud:
-
Multiple users (@CraigRosen, @ViberCoder @jejr_pdkgit, @GregIwan, @federicocalvette) encountered GitHub authentication issues with similar “couldn’t verify your authorization” errors. Turns out it only affected new users of organizations with GitHub membership sync enabled. Thanks to these users it got fixed fast!
-
@Piotr_Kroczynski and @Derick_Dsouza both reported that their organizations were not allowing analyses to be submitted even after resolving billing issues. The team traced this to a problem affecting organizations that enter an “overdue” status and deployed a fix within hours. Thanks for helping us identify this critical billing-related bug!
-
@Veekash_Singh encountered an error when trying to sign into SonarQube Cloud with their Microsoft account. Once our team checked the logs, we were able to flip a feature flag and get it working again while we fixed the root cause. Thanks for the report!
Rule & Language Improvements:
-
@laconiansalvage identified a false positive with
python:S6659when using string slice comparisons, where the suggested.startswith()improvement would yield different results. Great catch! A ticket has been added to the backlog. -
@furti noticed duplicate findings between
java:S2229and the newjava:S6809rule, with both rules detecting improper Spring proxy method calls. The team confirmed this unintentional duplication and created SONARJAVA-5629 to address it. Thanks for spotting this! -
@hne3mu reported that
typescript:S2699produces false positives for Vitest browser mode tests, specifically not recognizingexpect.element()assertions. This case has been added to JS-627. Thanks! -
@Alain_Picard found a false positive with
typescript:S6606suggesting nullish coalescing when logical OR is actually needed for truthiness checks. PR already merged. Thanks! -
@Blaz_Ocepek discovered that fixes for the rule
javascript:S2699were missing from the eslint-plugin-sonarjs npm package, even though they were already available in SonarQube Server and SonarQube for IDE. A new release has been done.
Scanners:
- @sonardroid discovered that some logging features stopped working after upgrading the Gradle plugin from version 5.1.0 to 6.1.0. This is a regression we’ll fix with SCANGRADLE-233
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!