Hi all,
This week’s roundup comes with extra enthusiasm because the entire community team was actually in the same place at the same time (rare sighting!). We spent the week in Austin, Texas discussing all things community, and let’s just say the energy is high and the to-do list is long.
As always, we want to take a moment to recognize everyone who sparked interesting discussions and gave us valuable feedback to drive continuous improvement.
This Community:
- Dark mode mysteriously disappeared from the community forum, as @Corniel noticed. The dark color palette had somehow vanished, but for now we’ve restored something good enough while we restore the old colors. Thanks for the call-out! I’m not a dark mode user, I never would have known!
SonarQube Server & Community Build:
- AI CodeFix error messages were really confusing when @llyderino’s self-hosted LLM hit its rate limits. The error said “Your organization has reached the monthly usage limit” when it was actually the self-hosted LLM’s own limits. We should update the error message in this case, and we will. Thanks!
SonarQube for IDE:
-
Multiple users (@thedailycommute, @fnke, @skyblackhawk1, @fedejeanne) reported issues when SonarQube for Eclipse raised duplicate key errors when multiple issues shared the same tracked issue ID. We created SLCORE-1589 to fix this. Thanks!
-
File exclusions aren’t working in SonarQube for Rider on Windows, as @groogiam discovered. Despite configuring directory exclusions through the UI, excluded files are still being analyzed. We’re working on a fix!
SonarQube Cloud:
-
Creating scoped organization tokens with 70+ projects failed with 500 errors, as @BansalGaurav and @Yuriy_Kuharchuk discovered. A fix was deployed and tokens can now be created with larger project scopes.
-
.NET Automatic Analysis failed for @ale-assetworks with a duplicate key error for their project. We now have a ticket created to better handle this.
-
GitHub Actions integration documentation confused@balazs-hosszu_adn when they found conflicting information about
GITHUB_TOKENrequirements. The issue was viewing old SonarQube Server 8.9 docs instead of current SonarQube Cloud docs. We’ll look into adding warnings when viewing outdated documentation like our old docs site used to have. Good feedback!
Rules & Languages Improvements:
-
csharpsquid:S2589incorrectly flags the null case in switch expressions as unreachable when all other cases are covered, as @lg2de discovered. While technically the last arm is implicitly a discard pattern, we agree an issue shouldn’t be raised and added it to the backlog. -
typescript:S7763conflicts with named default exports, as @landisdesign pointed out. The rule suggests using default directly, but this prevents IDEs from tracking name changes when default export names are updated. JS-888 was created to add an exception. Thanks! -
csharpsquid:S1751incorrectly flags continue statements as reducing loop iterations, as @dalestan reported. Sincecontinuenever reduces iteration count (unlikebreak,return, orthrow), the error message doesn’t match the behavior. Added to the backlog! -
java:S5194’s documentation needs improvement, as @MisterPi noted. The compliant and non-compliant code examples don’t match up. We created SONARJAVA-5789. Thanks! -
javascript:S6544doesn’t understand thatPromise.prototype.finally()awaits returned promises, as @Ginden discovered. The rule should treat.finally()like.then()per the ES specification. JS-898! -
javascript:S7728’s suggestion to usefor...ofsparked debate when @zburke pointed out the rule doesn’t account for needing index or array parameters. The team addedlist.entries()examples to the documentation and lowered the rule’s impact to “Low” (see the PR here!) -
typescript:S7749incorrectly flags valid numeric literals with thousand separators like1_000and5_000, as @Thilo discovered. A fix is already merged for the next release. Thanks! -
java:S2440raises false positives when the analyzer can’t resolve full class hierarchies, as @CMM reported. SONARJAVA-5793 was created to handle unknown class hierarchies better. -
.NET
app.configfiles aren’t being fully covered by secret detection, as @khushant-dhingra discovered. Whileweb.configfiles triggercsharpsquid:S2068,app.configfiles don’t. We’ll fix this!
Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!