Hey all!
Spring is almost here. 
As always, we are grateful for the feedback we’ve gotten this week, and for every time you give us feedback. So like every week, we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Server and SonarQube Community Build:
-
Following a report from @nexcalmart, we will backport SONAR-24397, which deals with font URLs when
sonar.web.contextis set, to v2025.1 LTA. Thanks! -
@VPloquien reported an old issue with analysis report processing that we never quite got to the bottom to. After some research, we created SONAR-24581. Thanks!
SonarQube Cloud:
-
Thanks, @David_Harper for noticing that one of the links on Bitbucket Cloud PR Decoration crashes the frame due to the CSP (Content Security Policy). The issue will be fixed very soon, if it hasn’t been already!
-
@madyatma reported a very strange issue where some Quality Gates appeared empty in the UI but full of conditions when queried via the API. The culprit? Some forbidden metrics added a long time ago. We’ve fixed the display issue. Thanks for helping us fix this!
SonarQube for IDE:
- It’s possible to encounter a
ClassNotFoundExceptionwhen using SonarQube for IntelliJ. Thanks @sparhidev! SLI-1919
Rule & Languages Improvements:
-
Back in November, @hiepduong reported an issue with Typescript analysis running endlessly on a specific file. We’ve finally reproduced this and created JS-606 to fix the issue. Thanks for the report!
-
Under certain conditions,
c:S955raises a false-positive but only in SonarLint. Frustrating to say the least! Thanks for the report @Oodini. CPP-6193 -
C/C++ analysis is creating some junk
NUL.ofiles when probing IAR compilers in Windows 11. Thanks for the report @CytMR, and also for being in contact with IAR! CPP-6192 -
java:S125isn’t playing well with Java 23 markdown comments. Shoutout to @Grimsa for his report and @nelkahn for an initial investigation! SONARJAVA-5377 -
java:S5804crashes with aNullPointerExceptionwhen a throw statement is located in a constructor. Kudos to @Dodge for your exemplary report. SONARJAVA-5392 -
@brother noted that one of the links in the rule description of
php:S1808could be more precise. You’re right! SONARPHP-1637 -
@brother also reported for the same rule, curly brackets of empty functions/methods should be abbreviated to “{}” on the same line, at least according to PER Coding Style. That means the current implementation raises false positives. SONARPHP-1638
-
Hopefully, we will someday detect commented-out code in Terraform. Thanks for the nudge @Bjego. We’ll track those requests here: SONARIAC-1968
-
csharp:S1172raises a false-positive when parameters are used in local function in a null-conditional or null-coalescing statement.
We’ll fix that. Thanks @Trisibo. -
Shoutout to @Jotiram_Chavan for suggesting a rule to avoid Using
Stream.toList()if the List is modified after creation. SONARJAVA-5382 -
java:S2589mistakenly associates a NonNullable annotation on a type parameter to the owner type, leading to false-positives. Thanks for the report @nelkahn! SONARJAVA-5389 -
Automatic Analysis for C/C++ is super cool, but can occasionally lead to false-positives like this one on
c:S4423noted by @randomek. Thanks a lot for the report! CPP-6204
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own shout-outs below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.