Sonar Community Roundup, September 14 - September 20

Hi all,

It’s been a lovely week here in North Georgia, with dry air, warm days, and cool nights. Living in the South means there’s not much of the year where it’s comfortable to keep the windows open, but drifting to sleep every night to the sound of the crickets and cicadas has been lovely. Meanwhile, @leith.darawsheh has been in the Geneva office with @Colin this week, so they had plenty of quality time together.

On the Community side, it’s been a quieter week. We’ve finally settled on what seems like an effective way to fight the spam wave that started at the beginning of the month, so we’ve turned new-user approval back off and, hopefully, everything can get back to normal now.

And like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.

SonarQube:

  • Based on the documentation, @wklinefelter had the reasonable question of whether the GitLab project integration should be reporting all issues back to GitLab, rather than just vulnerabilities. It’s just vulnerabilities, so we’ve updated the docs. Thanks!
  • @Rom was having problems using SonarScanner for NPM with a SonarQube instance behind a proxy. Thanks for the report. SCANNPM-47 will help.

SonarCloud:

  • @ccyiannis, @betorvs, and @phildizzle helped us find a cache-related problem in our common analyzer for (among others) Go and Ruby. We’ve rolled that version back and are working on a permanent fix. Thanks all!
  • We rolled out new pricing editions on SonarCloud this summer, but when @headWingman tried to upgrade to one of them, our form wouldn’t let him. :flushed: Good call-out! It’s fixed.
  • When you set a new Azure DevOps PAT, nothing (obvious) happened. There was no confirmation, no page refresh, and no real way to know it worked, as @Maneeshcdls pointed out. It’s a great observation, and we’ve reworked the flow to add feedback.

SonarLint:

  • SonarLint for Eclipse was freezing with Gradle projects. @benjaminbartsch’s bug report led us to not only fix the crash but also improve overall performance with SLE-934, which will be in the next release.
  • You can ‘accept’ an issue in SonarLint, even if it hasn’t been raised on the server yet. But only if your permissions are in place. If they’re not, @lpmsi found that we don’t really tell you what’s going on. SLI-1604 can’t fix your permissions, but at least you’ll know why it isn’t working.

Rule and Language Improvements:

  • We don’t support the .NET Insight.Database.Core package, so @Tamanna let us know that we missed a SQL injection using it. Thanks. We’ve created an internal ticket for this.
  • @westtrihar noticed we weren’t reporting duplication in his SCSS files, even though SCSS is recognized and analyzed as CSS. As it turns out, we just don’t perform duplication detection for CSS at all. We’ve added this to our internal tracking for consideration.

Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.

Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.

 
@ganncamp, @Colin and @leith.darawsheh
