Hey all,
Happy October! As we enter the final quarter of the year, we’ve been having an exciting week at Sonar.
- We welcomed @steve.chen to the team, our newest Community Program Manager for Meetups.
- SonarQube 10.7 was released, including support for Dart!
- We’re announcing AI CodeFix and AI Code Assurance coming to both SonarQube and SonarCloud.
There are lots of new shiny things, but we’re still grateful every time you give us feedback on slightly less new, less shiny things. So, like every week, we want to spend some time acknowledging everyone who prompted interesting discussions and gave us feedback to help us continuously improve.
SonarQube:
- Passing extra certificate data to the SonarScanner CLI Docker Image has become a hot topic lately. We hope we’ve finally made it easier with the reintroduction of keytool. Thanks for your feedback @Paolo_Balzarotti!
- Speaking of SSL issues, we need to update the Scanner for NPM to use a newer version of the SonarScanner CLI. Thanks for helping us realize this @majenny! SCANNPM-51.
SonarCloud:
- Thanks, @reiniertvb and @gashupl, for reporting an issue with the display of ratings when configuring Quality Gates. The fix has been merged and will be deployed soon (if it hasn’t already been).
- A number of users have reported, since May, that when analyzing PRs / Branches with 0 new executable lines, a message was shown implying that code coverage needed to be configured… when actually, there were just no new lines to cover, and the coverage import was working fine. We’ve finally fixed this issue. Thanks for all the reports (I have to keep typing words to be able to link them all): @long-tran-dss, @shijigopinathan, @Richardo_sm, @weitzmax, @risingmars, @MartinManchev, @Diego_Froes, @shubhendu-shukla, @Shashikala_M, @hsmett, @Notten02, @Paul_Birtle, @CraigF, @Chong_Xiang, @Alejandro_Castaneda, @EskoStein, @FreddyGroen, and surely others that slipped through.
eslint-plugin-sonarjs:
We received quite a bit of feedback on eslint-plugin-sonarjs this week, and it’s time to say thank you.
- @aarongoldenthal and @Avasam have rightfully pointed out that we aren’t doing a great job documenting changes. We’re going to find a solution. ESLINTJS-55
- @Avasam also suggested we should direct the “Homepage” link of eslint-plugin-sonarjs - npm to the specific README in SonarSource/sonar-js. We agree and have already changed it.
- Finally, @Avasam (quite the hero this week) pointed out that we no longer need to prepend “sonar-” to any of the rules provided by this plugin, which are already prefixed by sonarjs. ESLINTJS-57
- @ildella suggests that we provide different profiles of recommended configurations based on what framework(s) the user is actually using. ESLINTJS-59
Rule & Languages Improvements:
- @Faheem_Husain astutely pointed out that hard-coded passwords are not being detected in launchSettings.json. We should tweak the rule to check these files. Thanks! SonarSource/sonar-dotnet #9675
- java:S1258 should make an exception to the rule when the javafx.fxml.FXML annotation is used (now I can’t stop thinking about that old site FML). Thanks @Astella! SONARJAVA-5136
- java:S2245 needs to be updated to consider changes to Commons Lang’s RandomStringUtils, specifically that its use is considered Safe when used with the method secure() since v3.17 of the library. Thanks @tmortagne! SONARJAVA-5134
- java:S3457 is raising false positives when Logger is used with StructuredArguments. Thanks @kuaw26! SONARJAVA-5133
- php:S1192 should not report an issue on Laravel-like validation strings. Thanks @mx-jhinz! SONARPHP-1534
- Kotlin Gradle scripts shouldn’t be analyzed by our Kotlin analyzer. Thanks @Vampire. SONARKT-402
Once more, we extend our thanks to everyone mentioned here - and those we may have missed - for their efforts in strengthening this community and enhancing our Sonar products.
Please leave your own recognitions below – whether for another community member or a SonarSourcer who assisted you this week. If there’s someone you think should be acknowledged in next week’s roundup, don’t hesitate to let us know.