Hi all,
Like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback that drives continuous improvement in our products.
SonarQube for IDE:
- @Pasc let us know that the Kubernetes analyzer is a bit chatty in SonarQube for IntelliJ. The fix should roll out next week.
SonarQube Cloud:
- Thanks to @aidask and a number of other users over the past couple months, users of Azure tenants with a verified domain will no longer have to verify their email addresses for SonarQube Cloud.
Scanners:
- Not all analysis properties are available at pipeline configuration time. @steve-todorov thinks SonarScanner for Gradle should read
Provider<?>properties. We’re on it! SCANGRADLE-318
Rules & Languages Improvements:
- A big thank you to @Improve1785 for catching an issue where the HTML scanner was incorrectly handling Twig comments (
{# ... #}) to raise false-positive “Duplicate id” issues on commented-out elements. Keep the great reports coming! SONARHTML-141 - Back in August (
) @Rob.Wijs let us know about a PL/SQL parsing issue with the EDITIONABLEstatement. Your detailed report was very helpful, and we’ve created a ticket to track this fix. java:S6816raises an issue for a missing parameter@Valueeven when the parameter is@NonNull(and can thus never be missing). Thanks, @ahubold! SONARJAVA-5866- Talk about visiting the sins of the father! @lrozenblyum reported that
java:S2638raises an issue on a child class if its parent violates the rule. We’ll fix it with SONARJAVA-5865 java:S5961counts.ascalls as assertions, and @ico doesn’t think it should. As it happens, we agree! Thanks for the report! SONARJAVA-5873- @felipebz discovered a performance issue in
web:S5260with largecolspanvalues. Well spotted! SONARHTML-330 python:S7502raises a false positive when type hints are used. Thanks @MarshTheBacca! We’ve created a ticket for it.- @RJM pointed out that
csharpsquid:S1144doesn’t seem to recognize C#14’s new extension syntax. Thanks! We’re on it. typescript:S1541doesn’t handle the nullish coalescing operator correctly. Thanks @fniessink! JS-955- Historically, Java analysis hasn’t done well with Lombok, and @lrozenblyum found another case involving
java:S1874and generated getters. SONARJAVA-5877 - @marc.free pointed out that
web:S6853doesn’t recognizeasp-for. We’ll get it fixed. SONARHTML-331 - Per
csharpsquid:S2325, methods and properties that don’t access instance data should be static. Unless they’re WPF event handlers, that is. Thanks, @groogiam. We’re on it. - @emily.kinne was wondering about configuring analysis with her non-standard memory allocation functions. We think she shouldn’t have to, so we’ve added a ticket to the backlog to identify and support FreeRTOS memory functions.
- @Kirsten_Ray pointed out that it’s impossible to fix a
roslyn.sonaranalyzer.security.cs:S5144issue by following the instructions in the rule description; the issue just keeps being re-raised. Doh! The PR to fix it is already in.
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann