We released SonarQube Server 9.9.8 this week. Normally, that wouldn’t rate a mention here, but 9.9.8 is a little special. It includes SONAR-23213, which lets an instance admin prep a 9.9 instance for migration to the next LTA by pre-running some of the database migration. 
We also released SonarQube Server 10.8 and SonarQube Community Build 2024.12, the first iterations of the new packaging announced recently. Right off the bat, @Tokunaga let us know that we’re not quite done with the repackaging 
, so we’re planning a bug fix of SonarQube Server 10.8 next week.
We’re grateful for that early flag, and for every time you give us feedback. So like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube Cloud:
- @tlogik questioned the order of the steps in our docs for setting up analysis with Azure DevOps. Turns out he’s right; the
Cache@2task should come beforeSonarCloudPrepare@3. Thanks! We’ll get the docs fixed.
SonarQube Server:
- The SAST report is only available in commercial versions. @ShinyDhas let us know that unfortunately, the analysis tutorial in SonarQube Server 10.7 Community Edition analysis tutorial for GitLab includes using it. We got it fixed for SonarQube Community Build 2024.12 SONAR-23880
Rule & Language improvements:
- In complex exception-handling scenarios involving loops,
csharpsquid:S2259sometimes carries the final loop value farther than it should, causing a false-positive. Thanks @spsarras! We’ll get it fixed. - When
java:S1948raises an issue, the suggestion is to make the field (in aSerializableclass) either transient or serializable. But as @MisterPi pointed out there’s a third option:static. We’ll update the rule with SONARJAVA-5238 - The
@SuppressWarningsannotation is supposed to… suppress… warnings. But it doesn’t always in Scala code. Thanks @yarosman! SONARSCALA-35 - Some of our JavaScript rules assume the latest version of ECMAScript, and recommend (require?) its syntax. But @Gia is working in an earlier version of ECMAScript, and that syntax isn’t available. With JS-483 we’ll look at making rules version-aware.
- @DamienCassou let us know that
javascript:S2004raises an issue when test suites are organized with multiple layers ofdescribe(). Since it’s a way of grouping tests, we agree that it doesn’t really add complexity. JS-486 - On a roll, @DamienCassou also pointed out that you can’t use ESLint comments to disable issues when they’re raised at the very beginning of a file. JS-484
- Similarly, @gskyarts found that you can’t deactivate
javascript:S1135, thetodorule, with ESLint comments because the name of the rule includes “todo”, thus re-raising the rule. Recursion, anyone?
JS-485 javascript:S6759crashes if youreturnoutside of a function. Thanks @ej612! JS-487
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.