Sonar Community Roundup, March 23 - March 29

Hello Sonar Community!

It’s been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them. We’re grateful when you take the time to do that, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.


  • @pwitvoet let us know about a particularly irritating UI glitch in the Security Hotspots UI that kept re-selecting the first Security Hotspot in the list - even when it wasn’t the one he was trying to mark ‘Safe’. SONAR-21900 is already fixed for 10.5.
  • Speaking of UI glitches, @Mikaciu shared that links in the Overall tab of the homepage for non-main branches don’t keep their non-main-ness. SONAR-21600
  • @Valentijn’s build agents are using Java 21, which isn’t supported by the SonarQubeAnalyze@5 task. We’ve created an internal ticket to allow the option.
  • It’s a corner case to have a duplication between the built-in tags on a rule and the ones added manually. @Nicolas_Alcaraz encountered it nonetheless, and found that it blocked the DB migrations during his upgrade. SONAR-21920
  • @aravindnss pointed out that SonarQube APIs are case-sensitive. Sometimes. Oops. SONAR-21933


  • Early this week @ajtribick pointed out that the GitHub action we’ve provided for C and C++ analysis produced a Node.js 16 deprecation warning, and reminded us that a community PR to fix it had been open for well over a month. This became even more significant with our mid-week announcements (1) (2) that SonarCloud’s Node.js 16 support will end next week. Thanks for the nudge; it finally got us moving! :sweat_smile:
  • A few weeks ago, @sme shared the extraordinary efforts he goes to to make sure that PR analysis succeeds even when the underlying project hasn’t been created in SonarCloud yet. He didn’t ping us to complain about that; he just wanted help perfecting his workarounds. :muscle: But it shouldn’t be that hard, so we’ve created an internal ticket to improve the situation.


Once again this week, we want to thank SonarLint for IntelliJ users for their ongoing patience as we continue to sort out the issues with the 10.4 release.

Rule and language improvements

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

Ann, @Colin, and @leith.darawsheh