Hi all,
I’m back from Eurovision, and my hotels are already booked for Austria next year. Did you watch? For a brief moment, I was on screen during the grand final (a video I took last year in Malmo)!
As always, we want to take a moment to recognize everyone who sparked interesting discussions and gave us valuable feedback to drive continuous improvement.
SonarQube Server & Community Build:
- A bug on the GitHub side made us put our rollout of GitHub IP Allow List features on hold after @copy let us know they were being blocked from automatically keeping their workflows up to date with the latest actions. Thanks for the ping!
- @xuhuisheng has long been a faithful localization maintainer (the Chinese pack) but they’ve had a little trouble backfilling the Community Build translations since our recent repackaging because version tags are missing on the repo we moved the strings to. We’ve done some backfilling of our own, and will try to do better going forward.
SonarQube Cloud:
- @oliver-sintaj_comap’s quest for lists of AI CodeFix rules prompted us to update the docs with that. Thanks for asking!
- @gilday let us know the Security Hotspots search endpoint had suddenly started returning 500 errors. This pointed to a broader issue with anonymously accessing SonarQube Cloud and led to us raising an incident. Thanks! It’s fixed.
Rule & Language Improvements:
- We love it when you tell us what we’ve done wrong. (Really!) We love it even more when you help us fix it. So big kudos to @gtoison for his PR - tests included! - fixing a crash in `DefaultInitializedFieldCheck`.
- Currently, `kotlin:S6517` advises you to add the `fun` prefix to an interface with default values. Unfortunately, that won’t compile. Doh! Thanks @tadjan! We’re on it.
- Our quick fix for `csharpsquid:S6966` won’t compile. Even worse, it seems the underlying issue itself is a false positive. Thanks @rcocks-hl! We’ll get it fixed.
- @Corniel suggests a new rule to avoid runtime problems with generic attributes. We think this is a good idea & have added it to the backlog.
- `pythonenterprise:S7189` advises caching for `dataframe`s used in a loop. But as @thomas.schouten points out, that doesn’t make sense when the `dataframe` is modified in the loop. Well spotted! SONARPY-2970
- @thomas.schouten also noted that `pythonenterprise:S7189` raises an issue when `dataframe` column names are accessed. But that doesn’t justify caching either. SONARPY-2971
- @PythonDeveloper struggled a bit with Python duplication detection, in part because there’s a curve ball in the naming of the duplication configuration parameters. The pattern is `sonar.cpd.[language key].[parameter]` for most languages, but the Python language key is `py` instead of the `python` you would naturally expect. We’ve updated the docs to be clear about that.
- @PythonDeveloper also noticed a false-negative in `python:S2201`. SONARPY-2949
- The docs offer `CodeCoverage.exe` as a viable path to reporting C# coverage, but it’s deprecated, and not actually needed any longer. Sorry @milbrandt! We’ll get the docs fixed.
- All the way back in January, @Carsten_Strauch reported a false-negative on `java:S2755` where simply adding a logging annotation causes an XXE vulnerability to not be reported. Yikes! SONARJAVA-5577
- We’re lagging on our Swift 6 support, which has been noted to us by @GeekOnIce, @RolandG, @Dario, @dah, and @sri_sundhed. We’ve heard you, and we have some medium-term plans to work on this. SONARSWIFT-617, SONARSWIFT-619, SONARSWIFT-620. Also don’t hesitate to schedule a meeting with PM @agigleux to share your pain!
- `kotlin:S6516` isn’t working correctly when the Java functional Interface instance is referenced. Thanks @ATTATRA. We’ve created a ticket to fix this false-positive.
Scanners:
- @Vampire found that you can’t abort a Gradle analysis. Leaving aside the question of why on earth you would ever want to… We agree that it should be something you can do. Thanks! SCANGRADLE-231
- `sonar.analysisCache.enabled` does not work with the SonarScanner for .NET. We plan to improve that, but that limitation is nowhere in the documentation as noted by @edgarkz. Docs are fixed. Thanks!
Other:
- Certain Favicons spread across our products and even our documentation site aren’t working in Firefox. We’re not sure why that could be, but we’re investigating. Thanks @AlekseiM!
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!