Sonar Community Roundup, September 13 - September 19

Hi all,

As always, we want to take a moment to recognize everyone who sparked interesting discussions and gave us valuable feedback to drive continuous improvement.

SonarQube Cloud:

  • Project key naming conventions raised questions for @jpalomaki, who wanted to work around SCANMAVEN-268 by using prefixed project keys instead of the suggested groupId:artifactId format. While the SonarQube Cloud UI suggests following Maven coordinate format, this is actually just a recommendation—arbitrary project keys work fine as long as they meet the basic requirements. We’ve updated the tooltip in SonarQube Cloud to reflect this. Thanks!

SonarQube for IDE:

  • A tiny but important fix: @Gameplushy spotted that the Quick Fix tooltip on rules.sonarsource.com still mentioned “SonarLint” instead of “SonarQube for IDE.” We’ve gone ahead and fixed this. Thanks for the sharp eyes!

  • VS Code proxy configuration caused connection issues for @edulisarwen when trying to connect to SonarQube Server. The solution involved adding proxy settings to sonarlint.ls.vmargs and manual connection configuration. The team will add this to the documentation.

Rules & Languages Improvements:

  • csharpsquid:S1168 incorrectly reports on value types like struct collections, as @Corniel demonstrated with a custom Bits struct implementing IReadOnlyCollection<int>. The rule should only flag reference types returning null, not value types returning default. Added to the backlog!

  • C# try-catch-finally variable tracking confused analysis when @Juxe assigned values in catch blocks that were later used in finally blocks. The “useless assignment” false positive was traced to assignments in finally blocks interfering with the analysis. We’ll get that fixed! Thanks!

  • java:S3457 crashes with a NullPointerException when analyzing certain logging patterns, as @thaarbach1 and @grimsa discovered. After providing a solid reproducer involving enum parameters in SLF4J logging, SONARJAVA-5759 was created to fix the crash. Thanks for the reproducer!

  • Kotlin analysis caching mysteries were reported by @sonardroid, who discovered that PR analysis was taking 23+ minutes despite only 4 files being changed. After extensive investigation, we figured out that Kotlin caching was essentially disabled due to buggy fixes in previous versions. A ticket was added to the backlog to properly restore this feature!

SonarQube MCP Server:

  • SonarQube MCP Server configuration for GitHub Copilot Agent needed some clarification, as @Lucas_Guedes worked through the setup. After sharing the working Docker-based configuration, the team created MCP-120 to update docs with GitHub Copilot Agent examples. Great community contribution!

Thank you again to everyone mentioned—and to those we may have missed—for your ongoing contributions in making this community stronger and helping us improve Sonar products.

If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
