February 2026 monthly summary for SonarSource repositories, highlighting performance, correctness, and maintainability improvements across analyzer components. Delivered feature work focused on build performance, code readability, and robust constructor validation logic, with traceable commits and explicit business value.

During 2026-01, SonarSource/sonar-java delivered a set of feature improvements and bug fixes that broaden static analysis coverage, improve testing flexibility, and reduce false positives, delivering measurable improvements in code quality and developer productivity. Key outcomes include: 1) Extended Random subclass checks to all Random subclasses, improving detection of non-compliant or risky usage across the codebase. 2) TestNG Assertion Messaging and Compatibility Enhancements: require messages for assertThrows and expectThrows, support multiple TestNG versions, added tests and documentation updates. 3) TestKit JAR Dependency Management: enhances testkit to add/remove specific JAR dependencies for tests. 4) Static Analysis Rule Improvements: NonStaticClassInitializerCheck and SpringRequestMappingMethodCheck to reduce false positives in anonymous classes and improve reporting of mixed safe/unsafe HTTP methods in Spring controllers. 5) Integration tests and documentation alignment: repaired integration tests and updated README; test resources aligned with current JDK/version requirements.