Rules for Serverless AWS usage with Python

Hello Pythonistas,

Our latest analyzer release addresses issues that you may experience when using serverless AWS features. These 15 new rules focus on efficient resource utilization and best practices, and encourage reliability and security when writing Python code for AWS Lambda functions. They are now available on SonarQube Cloud, in the upcoming SonarQube IDE releases, from SonarQube Server 2025.5 and from SonarQube Community Build 25.9.

  • S6243: Reusable resources should be initialized at construction time of Lambda functions
  • S6246: Lambdas should not invoke other lambdas synchronously
  • S6249: Authorizing HTTP communications with S3 buckets is security-sensitive
  • S6262: AWS region should not be set with a hardcoded String
  • S7608: S3 operations should verify bucket ownership using ExpectedBucketOwner parameter
  • S7609: AWS CloudWatch metrics namespace should not begin with AWS/
  • S7613: AWS Lambda handlers should return only JSON serializable values
  • S7614: AWS Lambda handlers must not be an async function
  • S7617: Reserved environment variable names should not be overridden in Lambda functions
  • S7618: Network calls in AWS Lambda functions shouldn’t be made without explicit timeout parameters
  • S7619: “botocore.exceptions.ClientError” must be explicitly caught and handled
  • S7620: AWS Lambda handlers should clean up temporary files in /tmp directory
  • S7621: AWS waiters should be used instead of custom polling loops
  • S7622: boto3 operations that support pagination should be performed using paginators or manual pagination handling
  • S7625: Long-term AWS access keys should not be used directly in code
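The list above gives only the rule titles. As an added example (not from the post and not Sonar's own code), the handler below follows four of them using only the standard library: S7613 (JSON-serializable return), S7617 (no reserved environment-variable overrides), S7618 (explicit network timeouts) and S7620 (/tmp cleanup). The reserved-name set is taken from the Lambda runtime variables AWS documents; the event shape, the `fetch` helper and the scratch-directory layout are constructed for the example.

```python
import json
import os
import shutil
import tempfile
import urllib.request

# Variables the Lambda runtime defines for itself (AWS "defined runtime
# environment variables"); application code must never reassign them (S7617).
RESERVED_ENV = {
    "_HANDLER", "AWS_REGION", "AWS_DEFAULT_REGION", "AWS_EXECUTION_ENV",
    "AWS_LAMBDA_FUNCTION_NAME", "AWS_LAMBDA_FUNCTION_MEMORY_SIZE",
    "AWS_LAMBDA_FUNCTION_VERSION", "AWS_LAMBDA_LOG_GROUP_NAME",
    "AWS_LAMBDA_LOG_STREAM_NAME", "AWS_LAMBDA_RUNTIME_API",
    "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
    "LAMBDA_TASK_ROOT", "LAMBDA_RUNTIME_DIR",
}

def set_function_env(name: str, value: str) -> None:
    """Set an application variable, refusing names the runtime owns (S7617)."""
    if name in RESERVED_ENV:
        raise ValueError(f"{name} is reserved by the Lambda runtime")
    os.environ[name] = value

def fetch(url: str, timeout: float = 3.0) -> bytes:
    """S7618: every outbound call carries an explicit timeout, so a hung
    upstream fails fast instead of consuming the whole function timeout."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:  # constructed helper
        return resp.read()

def ensure_json_serializable(value):
    """S7613: Lambda serializes the handler's return value; fail loudly here
    instead of with an opaque runtime error. Returns the value unchanged."""
    json.dumps(value)  # raises TypeError for sets, datetimes, bytes, ...
    return value

def handler(event: dict, context=None, tmp_root: str = "/tmp") -> dict:
    """Write event records to a scratch directory that is always removed
    (S7620): /tmp survives across warm invocations and is size-capped, so
    leaked files eventually exhaust it."""
    records = event.get("records", [])  # constructed event shape
    workdir = tempfile.mkdtemp(prefix="job-", dir=tmp_root)
    try:
        with open(os.path.join(workdir, "input.json"), "w") as fh:
            json.dump(records, fh)
        response = {"statusCode": 200, "processed": len(records), "scratch": workdir}
        return ensure_json_serializable(response)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)
```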

As always, share your feedback and experience with us below. Happy coding!

Jean
