Daniel Strmečki & Martin Gluhak

Automated Code Quality Checks with Custom SonarQube Rules

Stop documenting coding standards and start enforcing them. This talk shows you how to build custom SonarQube rules from scratch to block bad code.

Automated Code Quality Checks with Custom SonarQube Rules
#1about 3 minutes

Introduction to the company's code quality approach

An overview of the company's focus on code quality as a differentiator and the agenda for creating custom SonarQube rules.

#2about 3 minutes

The business case for standardizing code quality

Standardizing code quality improves customer perception, attracts talent, prevents repeated mistakes, and streamlines onboarding for new developers.

#3about 5 minutes

Implementing a comprehensive quality assurance strategy

A successful quality assurance strategy relies on shared team responsibility, continuous testing, and a high degree of automation across the test pyramid.

#4about 5 minutes

Creating coding guidelines and using initial tools

Establishing documented coding guidelines and using the free version of SonarQube helps standardize code but lacks enforcement for fixes and architectural checks.

#5about 4 minutes

Enforcing code quality with automated checks

Enforce coding standards by using SonarQube pull request decoration to block merges, ArchUnit for architectural tests, and custom rules for framework-specific issues.

#6about 4 minutes

Setting up a project for custom SonarQube rules

Start creating custom rules by cloning the official SonarSource template project from GitHub, which provides the necessary structure and dependencies.

#7about 4 minutes

Writing unit tests for a custom SonarQube rule

Use test-driven development by creating a Java code snippet with non-compliant comments and a JUnit test class that uses CheckVerifier to validate the rule's logic.

#8about 6 minutes

Implementing the rule logic using the syntax tree

Implement the rule by extending BaseTreeVisitor to traverse the abstract syntax tree, identifying the method's return type, and reporting an issue if it matches the target class.

#9about 4 minutes

Documenting the rule and building the plugin JAR

Finalize the rule by adding it to the plugin's rule list, creating HTML documentation with examples, and defining metadata in a JSON file before building the JAR.

#10about 9 minutes

Deploying and using the custom rule in SonarQube and IntelliJ

Deploy the custom rule by placing the JAR in the SonarQube plugins directory, activating it in a quality profile, and connecting SonarLint to see violations in the IDE.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

See all videos
Application Modernization Leveraging Gen-AI for Automated Code Transformation41:17

Application Modernization Leveraging Gen-AI for Automated Code Transformation

Syed M Shaaf

Modern Java: This is not your father's Java anymore27:49

Modern Java: This is not your father's Java anymore

Ron Veen

Give your build some love, it will give it back!45:39

Give your build some love, it will give it back!

Amanda Martin

The Clean as You Code Imperative30:40

The Clean as You Code Imperative

Olivier Gaudin

Supercharging Static Code Analysis: Konveyor AI & LLMs33:14

Supercharging Static Code Analysis: Konveyor AI & LLMs

Daniel Oh

Build a CI/CD pipeline to automate code reviews and ensure code quality45:28

Build a CI/CD pipeline to automate code reviews and ensure code quality

Julien Delange

Are you still programming unit tests or already generating?29:31

Are you still programming unit tests or already generating?

Johannes Bergsmann & Daniel Bauer

Grappling With Clunky Old Software? Start by Understanding What’s Inside!30:23

Grappling With Clunky Old Software? Start by Understanding What’s Inside!

Luc Perard

From learning to earning

Jobs that call for the skills explored in this talk.