Sonar Community Roundup, June 29 - July 5

Hello Sonar Community!

This week, some big news was shared: @Olivier_Gaudin is stepping down as co-CEO of Sonar. Olivier, one of the three founders of Sonar, has been a huge supporter of our Community since Day 1. Ann, Leith, and I are excited to see what’s next for Olivier as he takes on a new role at Sonar.

And it has been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them.

We’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.

SonarQube:

• Some changes to SonarSource/sonarqube-scan-action prevented caching from working correctly, as reported by @MortenHindsholm. The latest version of the action fixes this. Thanks a lot!

• There was a parsing issue with the helm chart for SonarQube v10.6 initially reported and then fixed by @Mikaciu. Thanks so much for your contribution!

• When SonarQube v10.6 was released, some download links were messed up. Thanks for the report, @anon67236913; they are already fixed!

• Thanks also to @anon67236913 for pointing out that the version of the MSSQL Server JDBC driver mentioned in the conf/sonar.properties file didn’t get updated in SonarQube v10.6. SONAR-22473

• We’ve updated our documentation to clarify that you can’t use multiple LDAP servers as a fallback when one is down, which is what @sopraf was trying to do. The funny thing is that I swore one could, so I learned something new!

SonarCloud:

• As reported by @AlexJulita, putting github.com in an allowlist might not be enough to allow new versions of the Extension for Azure DevOps to download the scanner. We’re checking how to update our docs to reflect this. Thanks!

• Rule links on Azure PR Comments are broken. We’re going to fix them. Thanks for the report @warden!

• Thanks @TiKevin83 for helping us track down an issue causing certain files to fail to be processed by the Compute Engine (failing analysis)

SoanrLint:

• Big thanks to @mvillanueva for showing us that issue severity isn’t being synced sensibly when connecting to pre-SonarQube v10.2 instances. SLCORE-879

Rule & Language Improvements:

• Thanks, @imagoiq, for reporting a false positive on web:S6821, where the ARIA role “toolbar” is being raised as an invalid role. We’ll fix that with SONARHTML-256!

• java:S6901 is crashing analysis for @fs-chris and we were able to figure out why. Thanks for reporting! SONARJAVA-5059

• java:S1144 can raise false-positives in specific circumstances when bytecode isn’t present. We’ll address this with SONARJAVA-5058. Thanks for the report @Quentin_Monmert!

• web:S4645 is incorrectly determining the start/end of a <script> tag. SONARHTML-255 will sort this out. Thanks for the report @Sharron_Xie!

• @pkidpkid has helped us make sure that cache misses for C and C++ analysis don’t happen unnecessarily. Thanks a lot! CPP-5158

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

@Colin, @ganncamp, and @leith.darawsheh