Hi all,
I know a lot of you are off for Good Friday today and will be celebrating Easter on Sunday. At SonarSource, we’ll all wishing those of you who mark the day a blessed Good Friday and an early Happy Easter. (And enjoy the chocolate! I know I will! 
)
And now, like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback to drive continuous improvement in our products.
SonarQube for IDE
-
@oktayrapsodo hit a
ClassCastExceptionin SonarQube for IDE 11.15 in JetBrains Rider 2026.1. Thanks for the report! It’s been fixed in version 12.0.1. -
@lakesol, @aigjsmith, @baynezy, and @groogiam reported that SonarQube for IDE also fails in Rider 2026.1 with a
NoSuchMethodErrorforgetCliExePath(), an API removed in that version. We declared an incident and released a fix in version 12.0.1.
SonarQube Cloud
-
@akumbhar, @kenyoungdispel, @cjakins, @muenchdo, @geuken, @twapaw, and @ThisIsMe let us know about a spurious “Error retrieving entitlements” warning appearing in CI analysis logs since February. The fix has finally made it to production, and we apologize for how long it took to get there.
-
Repositories imported from GitLab display only their short names rather than the full namespace path, making similarly-named repos in different subgroups look identical. Thanks @Denis_Laletin! We’ve logged this internally and are working on a fix.
-
@ggjulio provided a beautifully thorough report, correctly identifying a 400 error when importing large hierarchical CycloneDX SBOMs via
sonar.sca.sbomImportPathsas a payload-too-large limit rather than a bad request. We’ve raised the SBOM import file size limit to 50 MB, and documentation updates are in progress.
SonarQube Server / Community Build
-
GET /api/system/infofails on IPv6-only hosts whenjava.net.preferIPv6Addresses=trueis set, because SonarQube’s internal inter-process communication uses127.0.0.1instead of the IPv6 loopback. Thanks @rherold! We’ve reproduced the bug, and we’re tracking a fix. -
@rahul.phatkare flagged that upgrading to SonarQube 2026.1.0 triggers a persistent “The license installed doesn’t include support” warning in the administration tab. SONAR-27154 will fix it in 2026.3, and we’ll backport it to 2026.1.3 LTA too.
Scanners
-
We got a detailed report from @esinoheh on SonarScanner for .NET 11.x failing with a
Newtonsoft.Json MissingMethodExceptionon self-hosted Azure DevOps agents when an older version of the library is present in the Global Assembly Cache. A hotfix (SonarScanner for .NET 11.2.1) is now available, with the Azure DevOps extension update to follow early next week. -
@peter.toft let us know that
SonarSource/sonarqube-scan-actionwas still running on Node.js 20, which GitHub Actions will retire in June. Version 7.1.0 is now out with Node.js 24 support, and users on thev7tag get the update automatically.
Rules & Languages
-
csharpsquid:S1144incorrectly flags C# 14 extension blocks as unused private constructors in SonarQube for IDE, as @groogiam pointed out. The plugin’s bundled OmniSharp uses Roslyn from the .NET 8 era, which predates C# 14 syntax. We’ve forwarded this to the IDE team, and suppressing the issue inline is a safe workaround in the meantime. -
@pdconant flagged that PR analysis started failing with “Analysis of JS/TS files failed” after files with Macintosh-style
\rline endings were introduced. A CSS analyzer regression had started surfacing parse errors it previously skipped silently. A fix has been merged and is tracked in JS-1523. -
Raising
csharpsquid:S4039on interfaces that provide explicit default implementations of base interface methods is a false positive, as @lg2de explained. Since such interfaces cannot be markedsealed, the rule’s suggestion is impossible to follow. We’ve confirmed this and are tracking a fix internally.
Thanks again to everyone mentioned here - and to anyone we may have missed - for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann