Hey all!
Thanks for another great week in our Community. The Community Managers at Sonar celebrated 3-years of Community Management at Sonar all together in the Austin office with cake!
We’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Server (formerly known as SonarQube):
-
A small screen resolution can cause the issue resolution popup to not be completely visible. Thanks @cats1208! We’ll fix that with SONAR-22163.
-
@AndrewDucker pointed out that GET api/measures/component should be returning project keys instead of UUIDs for applications. Thanks a lot! SONAR-23567
-
@scmbuildguy reported problems with setting up monorepos in 10.7. We’re working on the non-mono-repo version of that page right now, so we’ll make sure that gets addressed too.
-
In SonarQube 10.4, we created a table to normalize rule tags. A sub-optimal index on the table created performance problems for @Squixx. SONAR-23571 will fix it.
SonarQube Cloud (formerly known as SonarCloud):
- Folks who are using the very latest version of NodeJS (23) are facing issues with JRE auto-provisioning while using the Scanner for NPM. Shoutout to @Patrice_Scribe for letting us know! SCANNPM-55
SonarQube for IDE (formerly known as SonarLint):
-
For as long as I can remember, users have reported
Symbol building is not allowedfrom CLion when using SonarQube for IntelliJ. We have written these errors off before as unrelated to SonarQube for IntelliJ itself, but it’s time we did something about them. SLI-1675 will try to address this. Thanks for the final push, @Marco_Arnaboldi and @Logan_Barnes! -
After @Pigelvy bribed the developers last week with coffee flown in from exotic locations, we released the feature this week to allow IntelliJ users to choose their own JRE.
He then pointed out that we haven’t updated the docs yet for that. Thanks for keeping us honest! It’s on the way. 
Rule & Languages Improvements:
-
A few months ago we created a ticket about
typescript:S2187not supportingit.eachin Vitest. Thanks @Ellosaur for calling out that JS-180 should also fix this for Jest! -
We should remove from the list of deprecated tags called out by
Web:UnsupportedTagsInHtml5Check. Thanks @eniallator! JS-386 -
python:S3801should handle match statements correctly. Thanks @jonesalk! SONARPY-2299 -
typescript:S6767should not raise an issue when the fields of a component props object are only accessed through object destructuring. Thanks @richardshephard1! JS-393 -
java:S6204should suggest filtering for null before collecting as a replacement of Collectors.toUnmodifiableList(). Thanks @MonkeyFist! SONARJAVA-5162 -
java:S1144should not raise on method sources listed in arrays. Thanks @joaocotralha! SONARJAVA-5160 -
@timVarl found that duplicate compilation database entries with -E causes SonarQube for IDE analysis to be skipped. Thanks! CPP-5846
-
Secrets analysis relies on SCM metadata. So if you don’t have JGit installed you get an ugly stacktrace in your (otherwise successful) analysis log. Thanks @jtrillma! SONARTEXT-233 will fix it.
-
It doesn’t make sense that
cpp:S4423asks developers to use stronger SSL/TLS connections when usingsftpwhich usesssh. Thanks @Vincent.W! CPP-5854
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.