If you’re one of the people who’s been waiting for the SonarScanner for Gradle to support Android Gradle Plugin 9, your day has finally come! 
We announced the release of Sonar Scanner for Gradle 7.3.0 yesterday which (finally 
) brings this compatibility. Happy coding! 
And now, like every week, we’d like to take a moment to recognize you, the users, who help improve the ecosystem for everyone by sparking valuable discussions and providing feedback to drive continuous improvement in our products.
SonarQube for IDE
- @Hendrik_Iben patiently helped us chase down a bug where SonarQube for IntelliJ would ‘forget’ its Node.js path, providing verbose logs and follow-up details over multiple rounds. We couldn’t pin down a single root cause, but we made the Node.js detection logic more robust in SonarQube for IntelliJ 12.1: SLI-2530.
SonarQube Cloud
-
Analyses started failing on
mainbranches for @VicD9, @mungodewar, and @jrepe with errors like “Project or branch in report does not match the project or branch under which it was submitted”. We declared an incident, traced it to projects that had gotten into a bad state in our DB. We appreciate everyone’s patience and have deployed a fix. -
@Taryn_Mervis, @AndyBrook, @asi, @bcopping, and @Carlos_Reyes hit an unauthorized error when logging in via Bitbucket after a Bitbucket brownout broke our Auth0 integration. Auth0 deployed a fix everything is back to normal. Apologies for the disruption, and thanks for your patience while we coordinated across vendors!
SonarQube Server / Community Build
- @nifty provided a beautifully thorough report on SonarQube badges no longer rendering in Azure DevOps dashboards after Microsoft added new CORS checks. SONAR-27658.
Scanners
- Pipelines started failing for @Jeff_Sondag, @Eelco, @mstaszew, @thavecker, and @wyrdfish the morning the SonarQube extension for Azure DevOps auto-updated to 8.2.1, with zip-extraction errors during task download. After several weeks, we finally got to the right people on the Microsoft side to acknowledge and address the problem, so this is finally fixed. Special thanks to @lzandman for testing on a private DevOps instance to confirm the corruption was specific to certain Microsoft tenants, and to @Goz3rr for confirming that uninstalling and reinstalling the extension cleared the corrupted download.
Rules & Languages
-
csharpsquid:S1210raises a false positive on file-scoped types, parallel to the recently-fixed FP on private types. Thanks to @Corniel for spotting the gap! We’ve added it to our backlog. -
java:S881lists CERT references for C/C++ resources on a Java rule, which @VolkerG flagged as confusing. After digging into the rule’s history, we agreed the description needs updating: SONARJAVA-6301. -
typescript:S6759misses readonly props when interfaces and types are mixed. Thanks to @landisdesign for the detailed reproducer! JS-1685 -
java:S1143incorrectly fires on areturninside a lambda within afinallyblock, even though the return only exits the lambda. Thanks for the detailed report, @Emilyaxe! SONARJAVA-6326
Thanks again to everyone mentioned here - and to anyone we may have missed - for your ongoing contributions in making this community stronger and helping us improve Sonar products.
If you’d like to give a shout-out to someone, whether a community member or a SonarSourcer who helped you, please do so below. And if there’s someone you think we should acknowledge next week, let us know!
Ann