Hi all,
This will be the last Community Roundup I post, as today is my last day at Sonar!
It has been a genuine pleasure to serve this community over the last many years. I’ve had the privilege of watching this community grow and evolve. It has especially been a pleasure to do it alongside @ganncamp—an incredible colleague and friend.
Sonar has been my home for the last 7 years. I’ve found my next adventure in a very similar role, and I’m excited to take everything I’ve learned here into this new chapter.
Thank you for your thoughtful discussions, your patience with our processes, and your dedication.
To me, what makes this community special is that rarely are any of you being forced to use SonarQube. Many of you have chosen to be here (okay, some of you probably got told by a VP of engineering you have to use us, but what stopped you from setting sonar.exclusions=**/*?) You choose to care about code quality and security. You choose to spend your time writing detailed bug reports and pushing us to be better.
A little over 2 years ago we were wrestling with the question of how we could acknowledge our users, and we decided that we could start by just saying “thanks”. That’s how this roundup came to be.
So – like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback that drives continuous improvement in our products.
SonarQube Server & Community Build:
-
The project search box gets a bit cramped on narrow windows, as @mbastardo.excentia spotted. A ticket has been created to fix the search input component. Thanks!
-
@gquerret found a missing translation in the quality profile “Rule breakdown” table.. We’ll have it fixed in the next release. Thanks for the report!
SonarQube Cloud:
-
Thanks to @Arshad_Zameer, @MarkMcCulloh, and @tb00-cloud for reporting webhook delivery failures starting November 18th. This turned out to be a network issue on our side, and a fix has been deployed. Note: if you have an explicit IP allow-list, you may need to update it per the docs.
-
@chris_gridline patiently worked through analysis errors after migrating from Bitbucket to GitHub. The project bindings weren’t being properly cleaned up during the transition—we’ve now fixed this so you can update bindings properly. Thanks for sticking with us!
-
Big news for Scoped Organization Tokens: you can now create tokens that apply to ALL current and future projects in your organization, plus edit existing tokens to add or remove projects. Thanks to @IGx89, @pnyheim, and @VolkerHartmann for quickly reporting edge cases with GitHub PR analysis and Quality Gate status checks—both have been fixed.
Rules & Languages Improvements:
-
shelldre:S1481flags variables passed by reference as unused, as @Fred_D discovered. A ticket has been created and we’ll tackle it in our next hardening sprint. Thanks! -
@nathancsys asked about handling coverage for multiple builds with common modules. While we offered some workarounds, this also led to CPP-7363 being created to support multiple build directories in
sonar.cfamily.gcov.reportsPath. Thanks for the feedback! -
java:S5960reports on assertions in production code, but relies on package names containing “test” to identify test code. @mfroehlich pointed out that test code doesn’t always live under such packages, and the rule could be smarter about recognizing methods annotated with@Test. We agree! SONARJAVA-5879 -
After a recent change to align with MISRA C++:2023,
cpp:1006became too strict about default argument values. Thanks to @lorenzo.buzzi for flagging this—we’re reverting to the previous, less stringent behavior for general-purpose software. -
csharpsquid:S2325suggests making members static when they don’t access instance data, but @andre-ss6 pointed out this doesn’t account forDynamicallyAccessedMembersAttribute, where changing modifiers could be a breaking change. A ticket has been added to the backlog. Thanks! -
@ajaymalhotra reported that
web:S6819incorrectly flagsrole="region"on Angular Material components like<mat-card>, even when properly labelled witharia-labelledby. This is a valid WAI-ARIA pattern when you can’t control the host element. A fix is already in the works! JS-960
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
As for me, I think I’ll be taking a break from the Sonar Community for a while, but I’ll never say that I’ll never be back. 
If we were working on something here – don’t worry, @ganncamp will be monitoring my notifications for a while.
Colin