Hi all!
Happy 4th of July to our community members in the USA! 
While Ann (and the rest of our US office) is off enjoying fireworks and BBQ, I’m here in Switzerland where the only thing exploding today is the temperature.
In the meantime, as always, we want to take a moment to recognize everyone who sparked interesting discussions and gave us valuable feedback to drive continuous improvement.
SonarQube Server & Community Build:
- @trevor.steen discovered a bug in Security Reports where clicking on issues from non-main branches drops the branch parameter, defaulting back to main/master. The workaround is to manually add the branch parameter to the URL, but we’ll fix it for real with SONAR-25428. Thanks for the clear steps to reproduce!
Rule & Language Improvements:
-
@torgeir.skogen reported false positives with
cpp:S7055promotingstd::to_underlyingwhen casting enums to different integer types and when converting fromstd::byte. The team created CPP-6639 and CPP-6640 to track these issues and discovered an additional problem with the suggested fix. Great catch! -
@bannmann found that rule
java:S2637incorrectly flags JSpecify-annotated generic methods as potentially returning null, even when the method signature clearly indicates non-null returns. The issue appears to be specific to generic methods with@Nullableparameters. The team created SONARJAVA-5660 to address this. Thanks!
- @joel-cathvision discovered AD0001 errors during SonarQube’s C# analysis. Through extensive investigation the team was able to identify this as a bug in the underlying Roslyn compiler’s position handling, which they reported upstream (dotnet/roslyn #79197). Thanks for the incredibly thorough analysis that helped pinpoint this compiler issue!
- There are some misleading warnings when importing TFLint reports, as discovered by @tonysnowden-mqube. Thanks for the report! SONARIAC-2086
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!