Hello Sonar Community!
Like every week we want to spend some time saying thanks to everyone who prompted interesting discussions and gave us feedback on Sonar products that will help us continuously improve.
SonarQube
- @aikebah let us know that SonarScanner for Maven 3.10.0.2594 broke integration with Maven encryption. MSONAR-217
- Our Azure DevOps task is getting a little age on it, as noticed by @gizmohd. We created VSTS-356 to release a new major version.
- Analysis uploads the scanned code to SonarQube, but we’re not terribly explicit about that in the docs, which left @MisterPi wondering. Thanks for pointing it out! We’ll get the docs updated.
- @harrydayexe and @jonathanmedd had a need to set up PR analysis in a non-standard way, but were struggling make it work without explicit documentation of the
envvarsused to detect that it’s a PR. We’re going to update the docs. - SonarQube 10.4 has a hard-coded path for
saml.png, so it’s not served if you’re using a web context. Nice find @suhas-arcadis and @VDubrovenski! This is already fixed for 10.5.
SonarCloud
- Given how many of our own developers love dark mode, it’s hard to understand how we overlooked how bad PR decoration looks on Azure DevOps in dark mode.
Thanks @jerone! We’ll get it fixed. - In late January, we implemented a change to speed up analysis by only downloading the analyzers for the languages in the project. Analysis still works as it should, but @turkeytrot22 noticed that along with the change we inadvertently messed up the analyzer list that shows up in the SonarScanner Context for the analysis. We’ve created an internal ticket to fix the reporting.
- @Nati was the victim of a race condition when two near-simultaneous commits triggered automatic analysis on his project and the wrong one finished first. We can’t fix racing, but we’ve created an internal ticket to give better error messages when it happens.
SonarLint
The release of SonarLint for IntelliJ 10.4 was rough for everyone. The 10.4.1 update late last week helped, but some people continue to have problems. We appreciate your patience and all your reports. Both things are helping us get this sorted out as quickly as possible. For some errors we’ve created tickets and the rest we’re still investigating.
-
10.4.1 has solved a lot of problems but at least one still remains, as reported by @TasMot. SLI-1329
-
@Beat reported that synchronizing to his connected SonarQube instance was taking hours in SonarLint for IntelliJ 10.4.1. SLCORE-753 will be fixed in the next release.
-
It’s understandably frustrating to have to re-set the same rule properties each time you start your IDE. Thanks @Rodrigo_Capile. We’ll fix it with SLI-1338.
Rule and language improvements
- @stdedos found that it took analyzing his Python project and getting an analysis warning to learn that
sonar.python.versionexists. Why wasn’t that property settable in the UI? An oversight, it seems. SONARPY-1686 - We say we support Wind River GCC compilers, but we missed supporting the C++ compiler targeting the ARM architecture. Thanks @dkerrisk! CPP-5154
- DRY is a key principle, but @tejassmeshram reported that we aren’t supporting it in Helm charts that extend base charts. SONARIAC-1273
- @rfennell noticed that parsing Azure Bicep files fails when the body starts with a comment. SONARIAC-1383
- It makes no sense to decorate an abstract attribute with
[AttributeUsage], according to @Corniel, despite what S3993 calls for. We agree. So we’ve already merged the PR he was gracious enough to provide. Thanks! - Namespaces are URIs, but they don’t access the Internet, so they should be exempt from S1075, according to @mgbrown. Well spotted. SonarSource/sonar-dotnet#8967
- @fkh and @karmann-dm noted that support for CheckStyle reports doesn’t include importing issues raised by custom rules. We’ve created SONARJAVA-4916 for it.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.
Ann, @Colin, and @leith.darawsheh