Daniel Strmečki & Martin Gluhak

Automated Code Quality Checks with Custom SonarQube Rules

Stop documenting coding standards and start enforcing them. This talk shows you how to build custom SonarQube rules from scratch to block bad code.

#1 about 3 minutes

Introduction to the company's code quality approach

An overview of the company's focus on code quality as a differentiator and the agenda for creating custom SonarQube rules.

#2 about 3 minutes

The business case for standardizing code quality

Standardizing code quality improves customer perception, attracts talent, prevents repeated mistakes, and streamlines onboarding for new developers.

#3 about 5 minutes

Implementing a comprehensive quality assurance strategy

A successful quality assurance strategy relies on shared team responsibility, continuous testing, and a high degree of automation across the test pyramid.

#4 about 5 minutes

Creating coding guidelines and using initial tools

Documented coding guidelines and the free version of SonarQube help standardize code, but they lack enforcement for fixes and architectural checks.

#5 about 4 minutes

Enforcing code quality with automated checks

Enforce coding standards by using SonarQube pull request decoration to block merges, ArchUnit for architectural tests, and custom rules for framework-specific issues.

#6 about 4 minutes

Setting up a project for custom SonarQube rules

Start creating custom rules by cloning the official SonarSource template project from GitHub, which provides the necessary structure and dependencies.

#7 about 4 minutes

Writing unit tests for a custom SonarQube rule

Use test-driven development by creating a Java code snippet with non-compliant comments and a JUnit test class that uses CheckVerifier to validate the rule's logic.

#8 about 6 minutes

Implementing the rule logic using the syntax tree

Implement the rule by extending BaseTreeVisitor to traverse the abstract syntax tree, identifying the method's return type, and reporting an issue if it matches the target class.

#9 about 4 minutes

Documenting the rule and building the plugin JAR

Finalize the rule by adding it to the plugin's rule list, creating HTML documentation with examples, and defining metadata in a JSON file before building the JAR.

#10 about 9 minutes

Deploying and using the custom rule in SonarQube and IntelliJ

Deploy the custom rule by placing the JAR in the SonarQube plugins directory, activating it in a quality profile, and connecting SonarLint to see violations in the IDE.
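
The rule logic outlined in chapters #7 and #8, as an added example that is not the speakers' code: a check that extends BaseTreeVisitor, reads each method's return type from the syntax tree, and reports an issue when it matches a target class. The package, rule key, class name and target type are hypothetical; the code assumes the sonar-java plugin API that the SonarSource template project already depends on.

```java
package org.example.rules; // hypothetical package name

import org.sonar.check.Rule;
import org.sonar.plugins.java.api.JavaFileScanner;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.TypeTree;

@Rule(key = "ForbiddenReturnType") // hypothetical rule key
public class ForbiddenReturnTypeCheck extends BaseTreeVisitor implements JavaFileScanner {

  // Assumption: fully qualified name of the class that methods must not return.
  private static final String TARGET_TYPE = "com.example.legacy.LegacyResponse";

  private JavaFileScannerContext context;

  @Override
  public void scanFile(JavaFileScannerContext context) {
    // Keep the context so issues can be reported, then walk the whole file.
    this.context = context;
    scan(context.getTree());
  }

  @Override
  public void visitMethod(MethodTree tree) {
    // returnType() is null for constructors, so guard before resolving the type.
    TypeTree returnType = tree.returnType();
    if (returnType != null && returnType.symbolType().is(TARGET_TYPE)) {
      // Attach the issue to the return type so the IDE highlights it precisely.
      context.reportIssue(this, returnType,
          "Do not return " + TARGET_TYPE + " from a method.");
    }
    // Continue the traversal so methods in nested and anonymous classes are checked too.
    super.visitMethod(tree);
  }
}
```

The type comparison relies on resolved semantics, so the sample file used in the CheckVerifier test must be able to resolve the target class; otherwise the return type is unknown and the rule stays silent.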
