Automated Code Quality Checks with Custom SonarQube Rules

Stop documenting coding standards and start enforcing them. This talk shows you how to build custom SonarQube rules from scratch to block bad code.

#1about 3 minutes

Introduction to the company's code quality approach

An overview of the company's focus on code quality as a differentiator and the agenda for creating custom SonarQube rules.

#2about 3 minutes

The business case for standardizing code quality

Standardizing code quality improves customer perception, attracts talent, prevents repeated mistakes, and streamlines onboarding for new developers.

#3about 5 minutes

Implementing a comprehensive quality assurance strategy

A successful quality assurance strategy relies on shared team responsibility, continuous testing, and a high degree of automation across the test pyramid.

#4about 5 minutes

Creating coding guidelines and using initial tools

Establishing documented coding guidelines and using the free version of SonarQube helps standardize code but lacks enforcement for fixes and architectural checks.

#5about 4 minutes

Enforcing code quality with automated checks

Enforce coding standards by using SonarQube pull request decoration to block merges, ArchUnit for architectural tests, and custom rules for framework-specific issues.

#6about 4 minutes

Setting up a project for custom SonarQube rules

Start creating custom rules by cloning the official SonarSource template project from GitHub, which provides the necessary structure and dependencies.

#7about 4 minutes

Writing unit tests for a custom SonarQube rule

Use test-driven development by creating a Java code snippet with non-compliant comments and a JUnit test class that uses CheckVerifier to validate the rule's logic.

#8about 6 minutes

Implementing the rule logic using the syntax tree

Implement the rule by extending BaseTreeVisitor to traverse the abstract syntax tree, identifying the method's return type, and reporting an issue if it matches the target class.

#9about 4 minutes

Documenting the rule and building the plugin JAR

Finalize the rule by adding it to the plugin's rule list, creating HTML documentation with examples, and defining metadata in a JSON file before building the JAR.

#10about 9 minutes

Deploying and using the custom rule in SonarQube and IntelliJ

Deploy the custom rule by placing the JAR in the SonarQube plugins directory, activating it in a quality profile, and connecting SonarLint to see violations in the IDE.