If your question is about SonarQube for IDE in the IntelliJ Platform, VS Code, Visual Studio, or Eclipse, please post it in that sub-category.
Otherwise, please provide:
- Operating system: Windows 11 Enterprise
- IDE name and flavor/env: Both JetBrains Rider and Visual Studio
And a thorough description of the problem / question:
We’re getting errors in our network of invalidly signed dll’s regarding the SonarQube for IDE plugin for both Rider and Visual Studio. It concerns the sonarsource-cfamily-jni1968860048899714683.dll specifically. Our network administrators flagged this because we want to securely use the plugin, and currently it’s getting flagged multiple times a day. Can you please fix the signing of the mentioned .dll in the plugin?
Hello @Petersaighlee, and thank you for sharing the feedback with us,
One thing to mention here is that this DLL is not downloaded over the network; It is packaged inside the extension, whose integrity is ensured by the IDE / marketplace download process. Once the DLL is needed, it is extracted into a temporary directory from the packaged extension.
We’re getting errors in our network of invalidly signed dll’s
To ensure we correctly understand the behavior you’re observing, could you clarify if the tool is reporting the file as unsigned, rather than having an invalid signature? We didn’t have a strong need to sign the DLL so far, because it is never transferred over the network standalone.
Also, we would appreciate any additional information about the flagging reason, as it can help us prioritize this on our side. I can also start a private thread if you would prefer to share more information privately.
Best regards,
Michael
Thanks for your reply, and my apologies for my late response.
I’ve asked our IT department and they’ve provided me with a correction: the DLL is flagged because it’s unsigned, but not in the network, but from local machines. Windows Defender for Endpoint flags the DLL as unsigned. It’s flags the DLL as unsigned, so not incorrectly signed.
I hope this provides enough information for further investigation. If not, please let me know.