Hey all,
Happy Thanksgiving!
We’re thankful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Server:
- A number of e-mail notifications are broken in SonarQube v10.7. We’ve identified the problem, and it will be fixed in the next release with SONAR-23719. Thanks, @haugsrud and @jmaitla8, for the reports.
SonarQube Cloud:
- v0.2.0 of the sonarcloud-quality-gate Bitbucket Pipe didn’t get tagged. We’re working on that. Thanks @christoph and @gzub-ms!
SonarQube for IDE:
- Thanks @prajoth89 for reporting a noisy SonarQube for IntelliJ error that we should find a way to suppress. SLI-1734
- It’s confusing that C/C++ analysis for SonarQube for VSCode requires a compilation database generated by a build wrapper that is possibly newer than what is on a user’s SonarQube instance (and has to be used for local or CI/CD analysis). We are going to improve the docs. Thanks @strife9129!
- Shoutout to @UncleRaymondo for reporting a crash in SonarQube for Visual Studio. We’re still getting to the bottom of it but at least we’ve mitigated the worst of it. SLVS-1652
Scanners:
- The SonarScanner for Gradle’s signature should be available on the Gradle plugin portal, as reported by @Daniel_Svensson. We’ll look at this soon. SCANGRADLE-190
- Speaking of the Scanner for Gradle, sometimes it’s reporting that a failed analysis is actually a success. Thanks @sa-obgit-backend and @jerolba! SCANGRADLE-189
- It appears that Test Project Exclusion breaks dotnet build when source generation is used. Yikes! Thanks for the report @Mikkel. SCAN4NET-179
Rule & Languages Improvements:
- Thanks, @Trisibo, for highlighting a false-negative for csharpsquid:S1449!
- java:S1871 should consider variable identity when testing branch equivalence. How confusing when the same variable name refers to different things! Thanks @jpmartins and @dandoy for the discussion that led to SONARJAVA-5216.
- For a number of reasons, hard-coded credentials in web.config files are handled by our .NET analysis, which doesn’t have all the same logic as, say, our XML analysis (even though it’s all XML files). That resulted in a false positive identified by @mvillanueva, which we’ll fix in due time. Thanks!
- Python 3.12 has some new type parameter syntax to define a generic class, which is causing false-positives on the rule python:S5644. Thanks for the report @lobsterkatie! SONARPY-2370
- Shoutout to @throup for reporting a false-positive with java:S1319 when using certain methods from EnumSet. SONARJAVA-5219
- java:S2175 raises a false-positive when dealing with generics with unknown bounds. Thanks @geoffreywiseman! SONARJAVA-5218
- We discovered that using lombok.val can sometimes break our advanced bug detection analysis, thanks to a report from @mmoayyed!
- We should do a better job documenting when java:S115 will apply. Thanks @Witaskule! SONARJAVA-5222
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.