Hey all,
I admit that sometimes pulling together this roundup on Fridays is a bit of a chore. It’s another task among the many things that need to be done to close out the week. However, I also see it as a bit like practicing gratitude—a reminder that our Community is helping users and making our products even more useful.
Hey, while we’re here, did you notice that https://www.sonarsource.com/ got a refresh this week? A little less purple… and a lot more legible, in our opinion. We’d love to know what you think.
We’re grateful every time you give us feedback, so like every week we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube:
-
Analyzing monorepos have a few limitations depending on the DevOps platform being integrated with. After feedback from @Petr_Schukin, we’re going to look into consolidating this information in our docs to make it easier to find. Thanks for the feedback!
-
With automatic provisioning turned on, you have to jump through some hoops in SonarQube to determine a user’s group membership. This isn’t a great user-experience (if SonarQube says a user belongs to 2 groups, I should be able to know which 2 groups, whether I use automatic provisioning or not). Thanks for bringing this to our attention @andrew-garland.
-
In order to be more compatible with Gradle plugins that generate licenses for dependencies of a Gradle project, @Vampire suggested (and submitted a PR to) set POM information on all artifacts of the SonarScanner for Gradle. We’ll review this soon. Thanks! SCANGRADLE-156
-
Deactivated rules in inherited Quality Profiles are getting activated after an upgrade, which is very unexpected. We are on the case! Thanks @garlicbread and @vjohansen. SONAR-23184
SonarCloud:
-
SonarCloud suffered from a fairly significant outage on Tuesday, which was first reported by @semihbahadir and @seetharam. We apologize again for the disruption, and thank you for the reports.
-
We ought to align the behavior of the SonarScanner for NPM to automatically configure
sonar.working.directory
and not risk colliding with other directories. Thanks, @JackWhelpton for your detailed feedback! SCANNPM-49
SonarLint:
-
We really appreciate @Henning_Jay posting their workaround when SonarLint for VSCode stopped reporting issues. That is really in the spirit of Community - helping each other and is greatly appreciated! We also have some fixes on the way in the next release.
-
A discrepancy in how empty paths are handled on Mac/Linux vs. Windows caused a crash in SonarLint for VSCode, as reported by @Devin_11, @skylion, and @bealtis! Thanks to all. This will be fixed in the next release with SLLS-266.
-
It’s possible that some very old SonarLint Connected Mode configuration (where it was possible to connect to SonarCloud without an organization) results in an error today. @Le_Vu probably faced this, and we’ll handle this better with SLI-1612.
Rule & Languages Improvements:
-
Our PHP analyzer ought to support some newer features of PHP 8.2, like Disjunctive Normal Form Types, as reported by @stchrTIO. Thanks for telling us! SONARPHP-1533
-
javascript:S2699
is rasing false-positives when using thenode:assert
assertion library and also importingsinon
. Thanks for the heads-up @gian1200! JS-342 -
Always a pleasure to see our old friend (and former SonarSourcer) @Xav pop into our Community to tell us what we’re doing wrong. This week he reported a false-positive on
java:S1655
when Lombok annotations@Value
and@NonFinal
are used on theElementType.TYPE
. Thanks a lot Xav. SONARJAVA-5132 -
A big thanks to @CrushaKRool for his detailed rule suggestion this week. It’s encouraging us to investigate the GWT framework and SafeHTML more deeply. SONARJAVA-5131
-
@CrushaKRool is… crushing it, this week, and also reported a false-positive on
java:S3553
, which should not report on spring@Autowired
methods. SONARJAVA-5128 -
text:S6706
should still raise an issue when there is no whitespace at the end of the first line. Thanks @spiltcoffee! SONARTEXT-219 -
java:S5803
should support the IntelliJ@TestOnly
annotation, the same as it supports@VisibleForTesting
. Thanks for the idea @mtchll! SONARJAVA-5130 -
Sometimes this Community is simply a great place to talk through an issue, even if there’s nothing to fix in our analyzer. This week we saw that happen between @Taylor_Ackley and Sonar developer @eric.morand.
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.