Hello Sonar Community!
It’s been a big week here in the Community, with lots of help and guidance from you, our members, to improve our products and your experience with them.
We’re grateful when you take the time to do that, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarCloud:
-
On SonarCloud, analysis is failing to use the main branch cache for the first non-branch analysis. Thanks @ADGB for helping us discover the issue
-
There’s also a duplicate key error when trying to search for projects reported by @PeterBa. We think the issue is probably caused by a race condition we need to address. Thanks!
-
Having 0 lines to cover is a different thing than not having a coverage report. Unfortunately, the UI lost sight of that, much to the (understandable!) confusion of @Ivan_Ribakov. We’ll get it fixed.
-
For some users, after renaming the main branch of their project, the report submission on this branch starts to fail. We’ll get that fixed. Thanks @pqsk!
-
Several users, including @warwick-CER, @marcello, @geoffcraig, @Jesse, @AdamWyzgol, @twenzel, @maggisig, @johanb, and @groogiam reported a bug when analyzing Razor files. The fix should be deployed early next week.
SonarQube:
-
We updated the
LATESTtag for the SonarScanner for CLI Docker image this week. Necessary permissions changes in the image led to problems for some users. Thanks to the quick reporting from @Tanish_Jain, @MaxAtBelmond, @pazeltma, and @maosmurf, we had a workaround (thanks for that, @maosmurf!), a new image, and updates to the docs the same day! -
Speaking of docs, our documentation could explain better that automatic user/group provisioning with GitLab is only available in the Enterprise Edition. Thanks for the heads up @mastacheata!
-
Cleverly, @mbastardo.excentia figured out how to selectively make the blame data go away in SonarQube. Since that’s not supposed to happen :sweatsmile:, we’ve created SONAR-22265.
SonarLint:
-
Outgoing links aren’t working right in SonarLint for Eclipse. Thanks for the report @anon82108692. SLE-868
-
In SonarLint for IntelliJ, we should avoid throwing an error when retrieving a file’s contents. Thanks @Venkat_G! SLI-1425
-
Thanks @Gallo_Alitalia for reporting a stacktrace that resulted in bug ticket SLI-1426.
Rule & Language Improvements:
-
Kudos to @alexander.nikiforov for suggesting a better recommended solution for
java:S2755! SONARJAVA-4982 -
As reported by @dougw, the ARIA “img” role should be allowed on SVG images, and not raise a false-positive for `S6819. Thanks! SONARHTML-252
-
Thanks @Anish_Gupta for showing us that we don’t do a great job detecting Azure DevOps secrets in certain formats. We’ve created an internal ticket to research this more.
-
cpp:S5416is raising false-postiives on function types with attributes. Thanks for the discussion @jpmugaas. CPP-5345 -
We already knew that
java:S2095misses some DB connection leaks, but @f-delahaye found a few more for us. We’ve added them to SONARJAVA-4891 -
To be honest, we fumbled a bit on this one. @Hammond95 reported problems with Go test resolution quite a while ago. With prompting from @Mohit_Chaudhary and @farruda we finally made time to dig in to the issue. It’s still not clear what’s happening but we’ll dig deeper with SONARSLANG-647. Thanks very much to all three for the report and the persistence.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.